parent
c67a3e8299
commit
6f545a905b
@ -58,8 +58,7 @@ func GetChatMessages(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
}
|
||||
|
||||
// SendSystemMessage will send an official "SYSTEM" message
|
||||
// to chat on behalf of your server.
|
||||
// SendSystemMessage will send an official "SYSTEM" message to chat on behalf of your server.
|
||||
func SendSystemMessage(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
|
||||
@ -76,7 +75,7 @@ func SendSystemMessage(w http.ResponseWriter, r *http.Request) {
|
||||
message.Visible = true
|
||||
|
||||
message.SetDefaults()
|
||||
message.RenderAndSanitizeMessageBody()
|
||||
message.RenderBody()
|
||||
|
||||
if err := core.SendMessageToChat(message); err != nil {
|
||||
controllers.BadRequestHandler(w, err)
|
||||
@ -137,6 +136,7 @@ func SendChatAction(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
message.SetDefaults()
|
||||
message.RenderAndSanitizeMessageBody()
|
||||
|
||||
if err := core.SendMessageToChat(message); err != nil {
|
||||
controllers.BadRequestHandler(w, err)
|
||||
|
@ -222,6 +222,8 @@ func (c *Client) chatMessageReceived(data []byte) {
|
||||
c.Username = &msg.Author
|
||||
|
||||
msg.ClientID = c.ClientID
|
||||
msg.RenderAndSanitizeMessageBody()
|
||||
|
||||
_server.SendToAll(msg)
|
||||
}
|
||||
|
||||
|
@ -52,3 +52,14 @@ func TestAllowEmojiImages(t *testing.T) {
|
||||
t.Errorf("message rendering/sanitation does not match expected. Got\n%s, \n\n want:\n%s", result, expected)
|
||||
}
|
||||
}
|
||||
|
||||
// Test to verify we can pass raw html and render markdown.
|
||||
func TestAllowHTML(t *testing.T) {
|
||||
messageContent := `<img src="/img/emoji/beerparrot.gif"><ul><li>**test thing**</li></ul>`
|
||||
expected := "<p><img src=\"/img/emoji/beerparrot.gif\"><ul><li><strong>test thing</strong></li></ul></p>\n"
|
||||
result := models.RenderMarkdown(messageContent)
|
||||
|
||||
if result != expected {
|
||||
t.Errorf("message rendering does not match expected. Got\n%s, \n\n want:\n%s", result, expected)
|
||||
}
|
||||
}
|
||||
|
@ -135,13 +135,6 @@ func (s *server) Listen() {
|
||||
case c := <-s.delCh:
|
||||
s.removeClient(c)
|
||||
case msg := <-s.sendAllCh:
|
||||
// message was received from a client and should be sanitized, validated
|
||||
// and distributed to other clients.
|
||||
//
|
||||
// Will turn markdown into html, sanitize user-supplied raw html
|
||||
// and standardize this message into something safe we can send everyone else.
|
||||
msg.RenderAndSanitizeMessageBody()
|
||||
|
||||
if !msg.Empty() {
|
||||
// set defaults before sending msg to anywhere
|
||||
msg.SetDefaults()
|
||||
|
@ -55,17 +55,23 @@ func (m *ChatEvent) Empty() bool {
|
||||
return m.Body == ""
|
||||
}
|
||||
|
||||
// RenderBody will render markdown to html without any sanitization
|
||||
func (m *ChatEvent) RenderBody() {
|
||||
m.RawBody = m.Body
|
||||
m.Body = RenderMarkdown(m.RawBody)
|
||||
}
|
||||
|
||||
// RenderAndSanitize will turn markdown into HTML, sanitize raw user-supplied HTML and standardize
|
||||
// the message into something safe and renderable for clients.
|
||||
func RenderAndSanitize(raw string) string {
|
||||
rendered := renderMarkdown(raw)
|
||||
rendered := RenderMarkdown(raw)
|
||||
safe := sanitize(rendered)
|
||||
|
||||
// Set the new, sanitized and rendered message body
|
||||
return strings.TrimSpace(safe)
|
||||
}
|
||||
|
||||
func renderMarkdown(raw string) string {
|
||||
func RenderMarkdown(raw string) string {
|
||||
markdown := goldmark.New(
|
||||
goldmark.WithRendererOptions(
|
||||
html.WithUnsafe(),
|
||||
|
Loading…
x
Reference in New Issue
Block a user