gnh1201/mastodon
1
0
Fork 0
mirror of https://github.com/mastodon/mastodon.git synced 2025-05-11 20:21:10 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Fix handling of malformed/unusual HTML (#34201)

Browse Source
This commit is contained in:
Claire 2025-03-18 15:50:41 +01:00 committed by GitHub
parent 4ad5d8e6e5
commit 547658f086
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 38 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
app/helpers/admin/trends/statuses_helper.rb
View File

@ -2,11 +2,18 @@
module Admin::Trends::StatusesHelper module Admin::Trends::StatusesHelper
def one_line_preview(status) def one_line_preview(status)
text = if status.local? text = begin
status.text.split("\n").first if status.local?
else status.text.split("\n").first
Nokogiri::HTML5(status.text).css('html > body > *').first&.text else
end Nokogiri::HTML5(status.text).css('html > body > *').first&.text
end
rescue ArgumentError
# This can happen if one of the Nokogumbo limits is encountered
# Unfortunately, it does not use a more precise error class
# nor allows more graceful handling
''
end
return '' if text.blank? return '' if text.blank?

10
app/lib/emoji_formatter.rb
View File

@ -24,7 +24,15 @@ class EmojiFormatter
def to_s def to_s
return html if custom_emojis.empty? || html.blank? return html if custom_emojis.empty? || html.blank?
tree = Nokogiri::HTML5.fragment(html) begin
tree = Nokogiri::HTML5.fragment(html)
rescue ArgumentError
# This can happen if one of the Nokogumbo limits is encountered
# Unfortunately, it does not use a more precise error class
# nor allows more graceful handling
return ''
end
tree.xpath('./text()|.//text()[not(ancestor[@class="invisible"])]').to_a.each do |node| tree.xpath('./text()|.//text()[not(ancestor[@class="invisible"])]').to_a.each do |node|
i = -1 i = -1
inside_shortname = false inside_shortname = false

10
app/lib/plain_text_formatter.rb
View File

@ -16,7 +16,15 @@ class PlainTextFormatter
if local? if local?
text text
else else
node = Nokogiri::HTML5.fragment(insert_newlines) begin
node = Nokogiri::HTML5.fragment(insert_newlines)
rescue ArgumentError
# This can happen if one of the Nokogumbo limits is encountered
# Unfortunately, it does not use a more precise error class
# nor allows more graceful handling
return ''
end
# Elements that are entirely removed with our Sanitize config # Elements that are entirely removed with our Sanitize config
node.xpath('.//iframe|.//math|.//noembed|.//noframes|.//noscript|.//plaintext|.//script|.//style|.//svg|.//xmp').remove node.xpath('.//iframe|.//math|.//noembed|.//noframes|.//noscript|.//plaintext|.//script|.//style|.//svg|.//xmp').remove
node.text.chomp node.text.chomp

9
app/models/account/field.rb
View File

@ -73,7 +73,14 @@ class Account::Field < ActiveModelSerializers::Model
end end
def extract_url_from_html def extract_url_from_html
doc = Nokogiri::HTML5.fragment(value) begin
doc = Nokogiri::HTML5.fragment(value)
rescue ArgumentError
# This can happen if one of the Nokogumbo limits is encountered
# Unfortunately, it does not use a more precise error class
# nor allows more graceful handling
return
end
return if doc.nil? return if doc.nil?
return if doc.children.size != 1 return if doc.children.size != 1