commit 236ca9af6b66cfc0c20c4fd5a2b5c8c187bfe3f4
parent 45584746d0f2c5fbfe1f5a6e0572d8ddd4f4f582
Author: default <nobody@localhost>
Date: Wed, 16 Nov 2022 13:13:31 +0100
Call sanitize() as soon as possible.
Diffstat:
3 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/format.c b/format.c
@@ -87,7 +87,7 @@ static d_char *format_line(const char *line)
}
-d_char *not_really_markdown(char *content)
+d_char *not_really_markdown(const char *content)
/* formats a content using some Markdown rules */
{
d_char *s = xs_str_new(NULL);
@@ -164,11 +164,11 @@ d_char *not_really_markdown(char *content)
const char *valid_tags[] = {
- "a", "p", "br", "br/", "img", "blockquote", "ul", "li",
+ "a", "p", "br", "br/", "blockquote", "ul", "li",
"span", "i", "b", "pre", "code", "em", "strong", NULL
};
-d_char *sanitize(d_char *content)
+d_char *sanitize(const char *content)
/* cleans dangerous HTML output */
{
d_char *s = xs_str_new(NULL);
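Review bot: Dropping `"img"` from `valid_tags` changes which tags survive sanitizing, but neither the commit message nor the code records that the removal is deliberate. A comment above the array would keep a later edit from putting the tag back without checking how attributes are treated, for example `/* "img" is intentionally not allowed in sanitized content */`. Whether `sanitize()` also filters attributes on the allowed tags cannot be seen here, as its body continues outside the hunk.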
diff --git a/html.c b/html.c
@@ -627,7 +627,7 @@ d_char *html_entry(snac *snac, d_char *os, char *msg, xs_set *seen, int local, i
}
{
- xs *c = xs_dup(xs_dict_get(msg, "content"));
+ xs *c = sanitize(xs_dict_get(msg, "content"));
char *p, *v;
/* do some tweaks to the content */
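Review bot: With `sanitize()` now applied at the top of this block, whatever the "tweaks" code inserts into `c` reaches `xs_str_cat(s, c)` in the next html.c hunk without passing through the tag allowlist. The tweak code lies outside both hunks, so this is inferred, but if it interpolates values taken from `msg` into markup, each value needs to be escaped or validated where it is inserted. A comment here would record the new invariant, for example `/* c is already sanitized; anything added below must be escaped explicitly */`. It is also worth confirming that `sanitize()` tolerates a NULL argument, since the result of `xs_dict_get(msg, "content")` is passed to it unchecked.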
@@ -663,9 +663,7 @@ d_char *html_entry(snac *snac, d_char *os, char *msg, xs_set *seen, int local, i
}
}
- xs *sc = sanitize(c);
-
- s = xs_str_cat(s, sc);
+ s = xs_str_cat(s, c);
}
s = xs_str_cat(s, "\n");
diff --git a/snac.h b/snac.h
@@ -135,8 +135,8 @@ int activitypub_post_handler(d_char *req, char *q_path,
char *payload, int p_size,
char **body, int *b_size, char **ctype);
-d_char *not_really_markdown(char *content);
-d_char *sanitize(d_char *str);
+d_char *not_really_markdown(const char *content);
+d_char *sanitize(const char *str);
int html_get_handler(d_char *req, char *q_path, char **body, int *b_size, char **ctype);
int html_post_handler(d_char *req, char *q_path, d_char *payload, int p_size,