authorEgor Kislitsyn <egor@kislitsyn.com>2019-08-06 18:21:25 +0700
committerEgor Kislitsyn <egor@kislitsyn.com>2019-08-14 14:52:54 +0700
commitf7bbf99caade7f06756e95e3a4e2f0e4d3e76579 (patch)
treec88c9e372a60fc2d6822a4d7d6cf6aa7c4f2353d /lib
parent2c35d4b0b04e58368c51f2828536d295f72839a2 (diff)
downloadpleroma-f7bbf99caade7f06756e95e3a4e2f0e4d3e76579.tar.gz
Use info.fields instead of source_data for remote users
Diffstat (limited to 'lib')
-rw-r--r--lib/pleroma/html.ex28
-rw-r--r--lib/pleroma/user/info.ex6
-rw-r--r--lib/pleroma/web/activity_pub/transmogrifier.ex10
-rw-r--r--lib/pleroma/web/activity_pub/views/user_view.ex7
-rw-r--r--lib/pleroma/web/mastodon_api/mastodon_api_controller.ex13
-rw-r--r--lib/pleroma/web/mastodon_api/views/account_view.ex18
-rw-r--r--lib/pleroma/web/twitter_api/views/user_view.ex10
7 files changed, 73 insertions, 19 deletions
diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex
index 2fae7281c..bf2000d90 100644
--- a/lib/pleroma/html.ex
+++ b/lib/pleroma/html.ex
@@ -280,3 +280,31 @@ defmodule Pleroma.HTML.Transform.MediaProxy do
def scrub({_tag, children}), do: children
def scrub(text), do: text
end
+
+defmodule Pleroma.HTML.Scrubber.LinksOnly do
+ @moduledoc """
+ An HTML scrubbing policy which limits to links only.
+ """
+
+ @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])
+
+ require HtmlSanitizeEx.Scrubber.Meta
+ alias HtmlSanitizeEx.Scrubber.Meta
+
+ Meta.remove_cdata_sections_before_scrub()
+ Meta.strip_comments()
+
+ # links
+ Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes)
+
+ Meta.allow_tag_with_this_attribute_values("a", "rel", [
+ "tag",
+ "nofollow",
+ "noopener",
+ "noreferrer",
+ "me"
+ ])
+
+ Meta.allow_tag_with_these_attributes("a", ["name", "title"])
+ Meta.strip_everything_not_covered()
+end
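Review bot: `@valid_schemes` is read with `Pleroma.Config.get/2` in the module body, so the scheme list is fixed when `Pleroma.HTML.Scrubber.LinksOnly` is compiled and falls back to `[]` if the key is unset at that point, in which case every `href` would presumably be stripped. If compile-time evaluation is intended because the `Meta` macros need the list, the `@moduledoc` should say so, for example `Allowed href schemes come from [:uri_schemes, :valid_schemes] at compile time; changing them requires a recompile.` The moduledoc could also list exactly what survives scrubbing: `a` with `href`, the five `rel` values, `name` and `title`. Allowing `name` on anchors in remotely supplied markup deserves a second look, since named anchors can shadow DOM properties in a frontend that renders the value as HTML.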
diff --git a/lib/pleroma/user/info.ex b/lib/pleroma/user/info.ex
index e54243f06..ada9fb689 100644
--- a/lib/pleroma/user/info.ex
+++ b/lib/pleroma/user/info.ex
@@ -50,6 +50,7 @@ defmodule Pleroma.User.Info do
field(:emoji, {:array, :map}, default: [])
field(:pleroma_settings_store, :map, default: %{})
field(:fields, {:array, :map}, default: [])
+ field(:raw_fields, {:array, :map}, default: [])
field(:notification_settings, :map,
default: %{
@@ -270,8 +271,10 @@ defmodule Pleroma.User.Info do
:follower_count,
:following_count,
:hide_follows,
+ :fields,
:hide_followers
])
+ |> validate_fields()
end
def profile_update(info, params) do
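Review bot: `validate_fields()` now also runs on the changeset that casts remote-user data, so whatever limits it enforces apply to profiles this instance does not control. It is defined outside this hunk; if it checks the local field-count or length limits, a remote actor with a larger profile would invalidate the whole changeset instead of only losing the extra fields. Consider truncating remote fields before the cast or validating them against separate limits, and add a comment such as `# remote fields are validated against the same limits as local ones` if that is the intent. The function this hunk changes starts outside the hunk.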
@@ -288,6 +291,7 @@ defmodule Pleroma.User.Info do
:show_role,
:skip_thread_containment,
:fields,
+ :raw_fields,
:pleroma_settings_store
])
|> validate_fields()
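Review bot: `:raw_fields` is added to the cast list, but the only validation visible in this pipeline is `validate_fields()`, and nothing in the hunk shows that it looks at `raw_fields`. Since `raw_fields` is filled straight from the request parameters, it should get the same count and length checks as `fields`, or a comment stating where that is enforced. `validate_fields/1` is defined outside the hunk, so this is to be confirmed against its body.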
@@ -415,7 +419,7 @@ defmodule Pleroma.User.Info do
# ``fields`` is an array of mastodon profile field, containing ``{"name": "…", "value": "…"}``.
# For example: [{"name": "Pronoun", "value": "she/her"}, …]
- def fields(%{source_data: %{"attachment" => attachment}}) do
+ def fields(%{fields: [], source_data: %{"attachment" => attachment}}) do
attachment
|> Enum.filter(fn %{"type" => t} -> t == "PropertyValue" end)
|> Enum.map(fn fields -> Map.take(fields, ["name", "value"]) end)
diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex
index 225c34875..2be2e3294 100644
--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@@ -598,13 +598,17 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
banner = new_user_data[:info][:banner]
locked = new_user_data[:info][:locked] || false
- attachment = get_in(new_user_data, [:info, "source_data", "attachment"])
+ attachment = get_in(new_user_data, [:info, :source_data, "attachment"]) || []
+
+ fields =
+ attachment
+ |> Enum.filter(fn %{"type" => t} -> t == "PropertyValue" end)
+ |> Enum.map(fn fields -> Map.take(fields, ["name", "value"]) end)
update_data =
new_user_data
|> Map.take([:name, :bio, :avatar])
- |> Map.put(:info, %{banner: banner, locked: locked})
- |> Map.put(:info, %{"banner" => banner, "locked" => locked, "source_data" => source_data})
+ |> Map.put(:info, %{banner: banner, locked: locked, fields: fields})
actor
|> User.upgrade_changeset(update_data)
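Review bot: The added `Enum.filter(fn %{"type" => t} -> t == "PropertyValue" end)` raises FunctionClauseError for any `attachment` element that is not a map with a "type" key, and it also fails when the remote actor sends `attachment` as a single object instead of a list; both are under the control of the server sending the update. `attachment |> List.wrap() |> Enum.filter(&match?(%{"type" => "PropertyValue"}, &1))` tolerates both shapes. `Map.take(fields, ["name", "value"])` can still yield entries without a "name" or "value" key, which the strict `fn %{"name" => name, "value" => value}` added to the views in this commit would not match, so dropping incomplete entries here is worth considering. The same filter closure is in the context lines of `User.Info.fields/1` in lib/pleroma/user/info.ex, and the enclosing function here starts and ends outside the hunk.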
diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex
index b2a22478d..7be734b26 100644
--- a/lib/pleroma/web/activity_pub/views/user_view.ex
+++ b/lib/pleroma/web/activity_pub/views/user_view.ex
@@ -83,8 +83,13 @@ defmodule Pleroma.Web.ActivityPub.UserView do
fields =
user.info
|> User.Info.fields()
+ |> Enum.map(fn %{"name" => name, "value" => value} ->
+ %{
+ "name" => Pleroma.HTML.strip_tags(name),
+ "value" => Pleroma.HTML.filter_tags(value, Pleroma.HTML.Scrubber.LinksOnly)
+ }
+ end)
|> Enum.map(&Map.put(&1, "type", "PropertyValue"))
- |> Enum.map(fn f -> Map.update!(f, "value", &AutoLinker.link(&1)) end)
%{
"id" => user.ap_id,
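Review bot: The closure that applies `Pleroma.HTML.strip_tags/1` to the name and `Pleroma.HTML.filter_tags/2` with `Pleroma.HTML.Scrubber.LinksOnly` to the value is repeated verbatim in this hunk, in lib/pleroma/web/mastodon_api/views/account_view.ex and in lib/pleroma/web/twitter_api/views/user_view.ex. Because this is the only place stored field markup gets scrubbed, it should live in one function (next to `User.Info.fields/1`, for instance) that all three views call, so a later view cannot forget it or drift from the policy. The strict head `fn %{"name" => name, "value" => value}` also raises if a stored entry lacks either key, which would fail the whole render for that account. The enclosing render function starts and ends outside the hunk.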
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index e79a02caa..e8fac8880 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -137,7 +137,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
emojis_text = (user_params["display_name"] || "") <> (user_params["note"] || "")
user_info_emojis =
- ((user.info.emoji || []) ++ Formatter.get_emoji_map(emojis_text))
+ user.info
+ |> Map.get(:emoji, [])
+ |> Enum.concat(Formatter.get_emoji_map(emojis_text))
|> Enum.dedup()
info_params =
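Review bot: `Map.get(user.info, :emoji, [])` is not equivalent to the removed `user.info.emoji || []`: `Pleroma.User.Info` declares `:emoji` as a schema field, so the key is always present and the default never applies, while a stored `nil` now reaches `Enum.concat/2` and raises. Keeping the nil guard preserves the old behaviour, e.g. `(user.info.emoji || []) |> Enum.concat(Formatter.get_emoji_map(emojis_text))`. The same applies to `Map.get(user.info, :raw_fields, [])` added in lib/pleroma/web/mastodon_api/views/account_view.ex.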
@@ -157,16 +159,11 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
end)
|> add_if_present(params, "default_scope", :default_scope)
|> add_if_present(params, "fields", :fields, fn fields ->
- fields =
- Enum.map(fields, fn field ->
- %{
- "name" => Formatter.html_escape(field["name"], "text/plain"),
- "value" => Formatter.html_escape(field["value"], "text/plain")
- }
- end)
+ fields = Enum.map(fields, fn f -> Map.update!(f, "value", &AutoLinker.link(&1)) end)
{:ok, fields}
end)
+ |> add_if_present(params, "fields", :raw_fields)
|> add_if_present(params, "pleroma_settings_store", :pleroma_settings_store, fn value ->
{:ok, Map.merge(user.info.pleroma_settings_store, value)}
end)
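Review bot: The removed `Formatter.html_escape` calls were the only write-time sanitisation in this hunk, so `info.fields` now stores the client's `name` unescaped and AutoLinker output over an unescaped `value`, and `raw_fields` stores the request parameter as sent. The three views touched by this commit scrub on output, but any other reader of `info.fields` gets the stored markup; a comment such as `# stored unsanitized, scrub with Pleroma.HTML.Scrubber.LinksOnly before rendering` at this call would make that contract explicit. `Map.update!(f, "value", ...)` also raises KeyError for an entry without a "value" key, and entries now keep any extra keys the client sent, where the old code rebuilt each map from "name" and "value" only. `f |> Map.take(["name", "value"])` before linking, with entries that lack either key rejected, would restore that. The enclosing function starts and ends outside the hunk.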
diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex
index d2f3986ff..a2297a8e8 100644
--- a/lib/pleroma/web/mastodon_api/views/account_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/account_view.ex
@@ -93,11 +93,19 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
}
end)
- fields = User.Info.fields(user.info)
- fields_html = Enum.map(fields, fn f -> Map.update!(f, "value", &AutoLinker.link(&1)) end)
+ fields =
+ user.info
+ |> User.Info.fields()
+ |> Enum.map(fn %{"name" => name, "value" => value} ->
+ %{
+ "name" => Pleroma.HTML.strip_tags(name),
+ "value" => Pleroma.HTML.filter_tags(value, Pleroma.HTML.Scrubber.LinksOnly)
+ }
+ end)
- bio = HTML.filter_tags(user.bio, User.html_filter_policy(opts[:for]))
+ raw_fields = Map.get(user.info, :raw_fields, [])
+ bio = HTML.filter_tags(user.bio, User.html_filter_policy(opts[:for]))
relationship = render("relationship.json", %{user: opts[:for], target: user})
%{
@@ -117,12 +125,12 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
header: header,
header_static: header,
emojis: emojis,
- fields: fields_html,
+ fields: fields,
bot: bot,
source: %{
note: HTML.strip_tags((user.bio || "") |> String.replace("<br>", "\n")),
sensitive: false,
- fields: fields,
+ fields: raw_fields,
pleroma: %{}
},
diff --git a/lib/pleroma/web/twitter_api/views/user_view.ex b/lib/pleroma/web/twitter_api/views/user_view.ex
index 3681773be..8a7d2fc72 100644
--- a/lib/pleroma/web/twitter_api/views/user_view.ex
+++ b/lib/pleroma/web/twitter_api/views/user_view.ex
@@ -74,7 +74,15 @@ defmodule Pleroma.Web.TwitterAPI.UserView do
|> HTML.filter_tags(User.html_filter_policy(for_user))
|> Formatter.emojify(emoji)
- fields = User.Info.fields(user.info)
+ fields =
+ user.info
+ |> User.Info.fields()
+ |> Enum.map(fn %{"name" => name, "value" => value} ->
+ %{
+ "name" => Pleroma.HTML.strip_tags(name),
+ "value" => Pleroma.HTML.filter_tags(value, Pleroma.HTML.Scrubber.LinksOnly)
+ }
+ end)
data =
%{