commit ec94a2da5b025174b83f68df84d27549cc925897
parent c7b3fd7331d2dacc3abbae9730fe1f2c8200ba05
Author: William Casarin <jb55@jb55.com>
Date: Fri, 16 Dec 2022 11:01:27 -0800
sanitize more things: chatroom names, content-warnings
Diffstat:
4 files changed, 17 insertions(+), 22 deletions(-)
diff --git a/web/index.html b/web/index.html
@@ -10,12 +10,12 @@
<link rel="stylesheet" href="css/responsive.css?v=11">
<script defer src="js/purify.js?v=1"></script>
<script defer src="js/util.js?v=5"></script>
- <script defer src="js/ui/util.js?v=9"></script>
- <script defer src="js/ui/render.js?v=15"></script>
+ <script defer src="js/ui/util.js?v=10"></script>
+ <script defer src="js/ui/render.js?v=16"></script>
<script defer src="js/noble-secp256k1.js?v=1"></script>
<script defer src="js/bech32.js?v=1"></script>
<script defer src="js/nostr.js?v=7"></script>
- <script defer src="js/damus.js?v=93"></script>
+ <script defer src="js/damus.js?v=94"></script>
</head>
<body>
<script>
diff --git a/web/js/damus.js b/web/js/damus.js
@@ -235,21 +235,12 @@ function process_reaction_event(model, ev)
function process_chatroom_event(model, ev)
{
try {
- model.chatrooms[ev.id] = JSON.parse(ev.content)
+ model.chatrooms[ev.id] = sanitize_obj(JSON.parse(ev.content))
} catch (err) {
log_debug("error processing chatroom creation event", ev, err)
}
}
-function process_json_content(ev)
-{
- try {
- ev.json_content = JSON.parse(ev.content)
- } catch(e) {
- log_debug("error parsing json content for", ev)
- }
-}
-
function process_deletion_event(model, ev)
{
for (const tag of ev.tags) {
@@ -752,6 +743,14 @@ function handle_home_event(model, relay, sub_id, ev) {
}
}
+function sanitize_obj(obj) {
+ for (const key of Object.keys(obj)) {
+ obj[key] = sanitize(obj[key])
+ }
+
+ return obj
+}
+
function process_profile_event(model, ev) {
const prev_ev = model.all_events[model.profile_events[ev.pubkey]]
if (prev_ev && prev_ev.created_at > ev.created_at)
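Review bot: sanitize_obj walks only the top-level keys and hands every value to sanitize() whatever its type, so a nested object or array inside a profile or chatroom payload is not escaped field by field; sanitize is defined outside this diff, so how it treats non-strings is not visible here. JSON.parse can also return a bare string or number, which comes back from this function unescaped and is then stored by process_chatroom_event and process_profile_event. I would reject non-objects up front (both callers already wrap the call in try/catch), escape only string values, and drop or recurse into nested ones.

```javascript
function sanitize_obj(obj) {
	// Both visible callers wrap this in try/catch, so throwing on bad input is safe.
	if (obj === null || typeof obj !== "object" || Array.isArray(obj))
		throw new Error("expected a JSON object")

	for (const key of Object.keys(obj)) {
		const val = obj[key]
		if (typeof val === "string")
			obj[key] = sanitize(val)
		else if (val !== null && typeof val === "object")
			delete obj[key] // nested values are not escaped here; drop them
	}

	return obj
}
```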
@@ -759,7 +758,7 @@ function process_profile_event(model, ev) {
model.profile_events[ev.pubkey] = ev.id
try {
- model.profiles[ev.pubkey] = JSON.parse(ev.content)
+ model.profiles[ev.pubkey] = sanitize_obj(JSON.parse(ev.content))
} catch(e) {
log_debug("failed to parse profile contents", ev)
}
@@ -1529,7 +1528,7 @@ function get_content_warning(tags)
{
for (const tag of tags) {
if (tag.length >= 1 && tag[0] === "content-warning")
- return tag[1] || ""
+ return sanitize(tag[1]) || ""
}
return null
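Review bot: `tag.length >= 1` does not guarantee that `tag[1]` exists or is a string, and the new line passes it to sanitize() before the `|| ""` fallback rather than after it. Tags arrive in relay events and can hold any JSON value, and sanitize is defined outside this diff, so whether it tolerates undefined or a non-string element cannot be confirmed from here. Checking the type first keeps the old behaviour for a warning without a reason: `return typeof tag[1] === "string" ? sanitize(tag[1]) : ""`. The closing brace of get_content_warning is outside the hunk.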
@@ -1595,7 +1594,7 @@ function get_picture(pk, profile) {
return robohash(pk)
if (profile.resolved_picture)
return profile.resolved_picture
- profile.resolved_picture = sanitize(profile.picture) || robohash(pk)
+ profile.resolved_picture = profile.picture || robohash(pk)
return profile.resolved_picture
}
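Review bot: Dropping sanitize() on `profile.picture` is safe only if every profile object reaching get_picture was stored through sanitize_obj in process_profile_event; a profile built anywhere else would now flow into `resolved_picture` unescaped. Escaping also says nothing about the URL itself, so if this value ends up in an image src (the consumer is not visible here) it would be worth validating the scheme at this point and falling back to `robohash(pk)` when the check fails. At minimum I would add a comment on the changed line such as `// profile.picture is escaped by sanitize_obj when the profile event is ingested`. The start of get_picture's body is outside the hunk.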
diff --git a/web/js/ui/render.js b/web/js/ui/render.js
@@ -290,15 +290,11 @@ function render_reactions(model, ev) {
* that is best suited for the profile.
*/
function render_name_plain(profile=DEFAULT_PROFILE) {
- if (profile.sanitized_name)
- return profile.sanitized_name
-
const display_name = profile.display_name || profile.user
const username = profile.name || "anon"
const name = display_name || username
- profile.sanitized_name = sanitize(name)
- return profile.sanitized_name
+ return profile.name
}
function render_pubkey(pk)
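Review bot: The new `return profile.name` ignores the `name` computed on the line above it, so `display_name`, `user` and the `"anon"` fallback are never used and the function returns undefined for a profile without a `name` field. It should read `return name`. The value is also no longer escaped here, which holds only for profiles stored via sanitize_obj; DEFAULT_PROFILE and any profile object created on another path reach the caller as-is, so the doc comment above the function should state that the returned name is assumed to be escaped at ingest.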
diff --git a/web/js/ui/util.js b/web/js/ui/util.js
@@ -87,7 +87,7 @@ function show_profile(pk) {
*/
function newlines_to_br(str="") {
return str.split("\n").reduce((acc, part, index) => {
- return acc + sanitize(part) + "<br/>";
+ return acc + part + "<br/>";
}, "");
}
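Review bot: newlines_to_br now returns its input verbatim with `<br/>` appended, so the result is safe to insert as HTML only when every caller passes text that was already escaped. This commit escapes profile and chatroom fields and content-warning tags at ingest, but nothing in the diff escapes plain note content, and the callers are outside the hunk, so each call site needs checking. Either keep `sanitize(part)` here or record the contract in the doc comment, e.g. `@param {string} str - already-escaped text; this function does not escape`. The doc comment for this function begins outside the hunk.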