aboutsummaryrefslogtreecommitdiff
path: root/lib/pleroma/formatter.ex
diff options
context:
space:
mode:
authorrinpatch <rinpatch@sdf.org>2020-04-08 22:58:31 +0300
committerrinpatch <rinpatch@sdf.org>2020-04-08 22:58:31 +0300
commitd067eaa7b3bb76e7fc5ae019d6e00510b657171d (patch)
tree1e70580489a5561f6a04fee5e0d2662d7653d119 /lib/pleroma/formatter.ex
parentdd4d10b275e76afc029aea642ae3d69b07e33d81 (diff)
downloadpleroma-d067eaa7b3bb76e7fc5ae019d6e00510b657171d.tar.gz
formatter.ex: Use Phoenix.HTML for mention/hashtag generation
Unlike concatenating strings, this makes sure everything is escaped. Tests had to be changed because Phoenix.HTML runs attributes through Enum.sort before generation for whatever reason.
Diffstat (limited to 'lib/pleroma/formatter.ex')
-rw-r--r--lib/pleroma/formatter.ex26
1 files changed, 22 insertions, 4 deletions
diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex
index e2a658cb3..c44e7fc8b 100644
--- a/lib/pleroma/formatter.ex
+++ b/lib/pleroma/formatter.ex
@@ -35,9 +35,19 @@ defmodule Pleroma.Formatter do
nickname_text = get_nickname_text(nickname, opts)
link =
- ~s(<span class="h-card"><a data-user="#{id}" class="u-url mention" href="#{ap_id}" rel="ugc">@<span>#{
- nickname_text
- }</span></a></span>)
+ Phoenix.HTML.Tag.content_tag(
+ :span,
+ Phoenix.HTML.Tag.content_tag(
+ :a,
+ ["@", Phoenix.HTML.Tag.content_tag(:span, nickname_text)],
+ "data-user": id,
+ class: "u-url mention",
+ href: ap_id,
+ rel: "ugc"
+ ),
+ class: "h-card"
+ )
+ |> Phoenix.HTML.safe_to_string()
{link, %{acc | mentions: MapSet.put(acc.mentions, {"@" <> nickname, user})}}
@@ -49,7 +59,15 @@ defmodule Pleroma.Formatter do
def hashtag_handler("#" <> tag = tag_text, _buffer, _opts, acc) do
tag = String.downcase(tag)
url = "#{Pleroma.Web.base_url()}/tag/#{tag}"
- link = ~s(<a class="hashtag" data-tag="#{tag}" href="#{url}" rel="tag ugc">#{tag_text}</a>)
+
+ link =
+ Phoenix.HTML.Tag.content_tag(:a, tag_text,
+ class: "hashtag",
+ "data-tag": tag,
+ href: url,
+ rel: "tag ugc"
+ )
+ |> Phoenix.HTML.safe_to_string()
{link, %{acc | tags: MapSet.put(acc.tags, {tag_text, tag})}}
end
generated by cgit v1.2.3 (git 2.26.2) at 2025-04-25 04:52:17 +0000