X-Git-Url: http://these/git/?a=blobdiff_plain;f=crates%2Fapi_common%2Fsrc%2Futils.rs;h=8ccb7d3fed5dc482d00b73af1a8283dad9ad47dd;hb=3471f3533cb724b2cf6953d563aadfcc9f66c1d2;hp=d259b9e4c1c0c14130c17843ff82a3e57ab615d2;hpb=2de994797e4fe8f569c903de35da55ccdf823fb8;p=lemmy.git diff --git a/crates/api_common/src/utils.rs b/crates/api_common/src/utils.rs index d259b9e4..8ccb7d3f 100644 --- a/crates/api_common/src/utils.rs +++ b/crates/api_common/src/utils.rs @@ -729,31 +729,6 @@ pub async fn delete_user_account( Ok(()) } -#[cfg(test)] -mod tests { - #![allow(clippy::unwrap_used)] - #![allow(clippy::indexing_slicing)] - - use crate::utils::{honeypot_check, password_length_check}; - - #[test] - #[rustfmt::skip] - fn password_length() { - assert!(password_length_check("Õ¼¾°3yË,o¸ãtÌÈú|ÇÁÙAøüÒI©·¤(T]/ð>æºWæ[C¤bªWöaÃÎñ·{=û³&§½K/c").is_ok()); - assert!(password_length_check("1234567890").is_ok()); - assert!(password_length_check("short").is_err()); - assert!(password_length_check("looooooooooooooooooooooooooooooooooooooooooooooooooooooooooong").is_err()); - } - - #[test] - fn honeypot() { - assert!(honeypot_check(&None).is_ok()); - assert!(honeypot_check(&Some(String::new())).is_ok()); - assert!(honeypot_check(&Some("1".to_string())).is_err()); - assert!(honeypot_check(&Some("message".to_string())).is_err()); - } -} - pub enum EndpointType { Community, Person, @@ -819,3 +794,49 @@ pub fn generate_featured_url(actor_id: &DbUrl) -> Result { pub fn generate_moderators_url(community_id: &DbUrl) -> Result { Ok(Url::parse(&format!("{community_id}/moderators"))?.into()) } + +/// Sanitize HTML with default options. Additionally, dont allow bypassing markdown +/// links and images +pub fn sanitize_html(data: &str) -> String { + ammonia::Builder::default() + .rm_tags(&["a", "img"]) + .clean(data) + .to_string() +} + +pub fn sanitize_html_opt(data: &Option) -> Option { + data.as_ref().map(|d| sanitize_html(d)) +} + +#[cfg(test)] +mod tests { + #![allow(clippy::unwrap_used)] + #![allow(clippy::indexing_slicing)] + + use crate::utils::{honeypot_check, password_length_check, sanitize_html}; + + #[test] + #[rustfmt::skip] + fn password_length() { + assert!(password_length_check("Õ¼¾°3yË,o¸ãtÌÈú|ÇÁÙAøüÒI©·¤(T]/ð>æºWæ[C¤bªWöaÃÎñ·{=û³&§½K/c").is_ok()); + assert!(password_length_check("1234567890").is_ok()); + assert!(password_length_check("short").is_err()); + assert!(password_length_check("looooooooooooooooooooooooooooooooooooooooooooooooooooooooooong").is_err()); + } + + #[test] + fn honeypot() { + assert!(honeypot_check(&None).is_ok()); + assert!(honeypot_check(&Some(String::new())).is_ok()); + assert!(honeypot_check(&Some("1".to_string())).is_err()); + assert!(honeypot_check(&Some("message".to_string())).is_err()); + } + + #[test] + fn test_sanitize_html() { + let sanitized = sanitize_html(" hello"); + assert_eq!(sanitized, " hello"); + let sanitized = sanitize_html(" test"); + assert_eq!(sanitized, " test"); + } +}