damus.io

damus.io website
git clone git://jb55.com/damus.io

commit ec94a2da5b025174b83f68df84d27549cc925897
parent c7b3fd7331d2dacc3abbae9730fe1f2c8200ba05
Author: William Casarin <jb55@jb55.com>
Date:   Fri, 16 Dec 2022 11:01:27 -0800

sanitize more things: chatroom names, content-warnings

Diffstat:
Mweb/index.html | 6+++---
Mweb/js/damus.js | 25++++++++++++-------------
Mweb/js/ui/render.js | 6+-----
Mweb/js/ui/util.js | 2+-
4 files changed, 17 insertions(+), 22 deletions(-)

diff --git a/web/index.html b/web/index.html @@ -10,12 +10,12 @@ <link rel="stylesheet" href="css/responsive.css?v=11"> <script defer src="js/purify.js?v=1"></script> <script defer src="js/util.js?v=5"></script> - <script defer src="js/ui/util.js?v=9"></script> - <script defer src="js/ui/render.js?v=15"></script> + <script defer src="js/ui/util.js?v=10"></script> + <script defer src="js/ui/render.js?v=16"></script> <script defer src="js/noble-secp256k1.js?v=1"></script> <script defer src="js/bech32.js?v=1"></script> <script defer src="js/nostr.js?v=7"></script> - <script defer src="js/damus.js?v=93"></script> + <script defer src="js/damus.js?v=94"></script> </head> <body> <script> diff --git a/web/js/damus.js b/web/js/damus.js @@ -235,21 +235,12 @@ function process_reaction_event(model, ev) function process_chatroom_event(model, ev) { try { - model.chatrooms[ev.id] = JSON.parse(ev.content) + model.chatrooms[ev.id] = sanitize_obj(JSON.parse(ev.content)) } catch (err) { log_debug("error processing chatroom creation event", ev, err) } } -function process_json_content(ev) -{ - try { - ev.json_content = JSON.parse(ev.content) - } catch(e) { - log_debug("error parsing json content for", ev) - } -} - function process_deletion_event(model, ev) { for (const tag of ev.tags) { @@ -752,6 +743,14 @@ function handle_home_event(model, relay, sub_id, ev) { } } +function sanitize_obj(obj) { + for (const key of Object.keys(obj)) { + obj[key] = sanitize(obj[key]) + } + + return obj +} + function process_profile_event(model, ev) { const prev_ev = model.all_events[model.profile_events[ev.pubkey]] if (prev_ev && prev_ev.created_at > ev.created_at) @@ -759,7 +758,7 @@ function process_profile_event(model, ev) { model.profile_events[ev.pubkey] = ev.id try { - model.profiles[ev.pubkey] = JSON.parse(ev.content) + model.profiles[ev.pubkey] = sanitize_obj(JSON.parse(ev.content)) } catch(e) { log_debug("failed to parse profile contents", ev) } 
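Review bot: The new `sanitize_obj` (damus.js hunk at -752) assumes `JSON.parse(ev.content)` returned a flat object of strings, but that content is relay-supplied and can be `null`, a primitive, an array, or an object with nested values. A top-level JSON string has no writable keys, so it would likely come back unchanged and be stored as the profile or chatroom. What `sanitize()` does with non-string values is not visible here, so nested objects may be stringified or passed through. Both callers (`process_chatroom_event` and `process_profile_event`) already wrap the call in `try/catch`, so rejecting unexpected shapes with a throw keeps their logging path intact. The sketch below sanitizes only strings, keeps numbers and booleans, and drops anything nested.

```javascript
function sanitize_obj(obj) {
	// JSON.parse may yield null, a primitive or an array; callers catch and log
	if (obj === null || typeof obj !== "object" || Array.isArray(obj))
		throw new TypeError("expected a JSON object")

	for (const key of Object.keys(obj)) {
		const val = obj[key]
		if (typeof val === "string")
			obj[key] = sanitize(val)
		else if (typeof val !== "number" && typeof val !== "boolean")
			delete obj[key] // nested objects/arrays are not rendered; drop them
	}

	return obj
}
```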
@@ -1529,7 +1528,7 @@ function get_content_warning(tags) { for (const tag of tags) { if (tag.length >= 1 && tag[0] === "content-warning") - return tag[1] || "" + return sanitize(tag[1]) || "" } return null @@ -1595,7 +1594,7 @@ function get_picture(pk, profile) { return robohash(pk) if (profile.resolved_picture) return profile.resolved_picture - profile.resolved_picture = sanitize(profile.picture) || robohash(pk) + profile.resolved_picture = profile.picture || robohash(pk) return profile.resolved_picture } diff --git a/web/js/ui/render.js b/web/js/ui/render.js @@ -290,15 +290,11 @@ function render_reactions(model, ev) { * that is best suited for the profile. */ function render_name_plain(profile=DEFAULT_PROFILE) { - if (profile.sanitized_name) - return profile.sanitized_name - const display_name = profile.display_name || profile.user const username = profile.name || "anon" const name = display_name || username - profile.sanitized_name = sanitize(name) - return profile.sanitized_name + return profile.name } function render_pubkey(pk) diff --git a/web/js/ui/util.js b/web/js/ui/util.js @@ -87,7 +87,7 @@ function show_profile(pk) { */ function newlines_to_br(str="") { return str.split("\n").reduce((acc, part, index) => { - return acc + sanitize(part) + "<br/>"; + return acc + part + "<br/>"; }, ""); }
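Review bot: In `get_content_warning` the guard is `tag.length >= 1`, so `tag[1]` can be `undefined`, and since tags come from the event it can also be a non-string, yet it is now passed straight to `sanitize()`. How `sanitize()` treats such input is not visible in this diff. Checking the type first makes the result predictable: `return typeof tag[1] === "string" ? sanitize(tag[1]) : ""`. The function body continues outside the hunk.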
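Review bot: With `sanitize()` removed in `get_picture`, `profile.picture` is only as clean as whatever stored the profile, and in this diff only `process_profile_event` applies `sanitize_obj`. A profile object built anywhere else would reach this line untouched. HTML sanitization also does not restrict the URL scheme, so if the value ends up in a `src` or `href` attribute (callers are not shown) a scheme allow-list is the relevant check. At minimum, record the assumption with a comment such as `// picture was HTML-sanitized at ingest by sanitize_obj; it is not URL-validated`.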
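Review bot: `render_name_plain` now ends with `return profile.name`, which discards the `name` computed on the line above. The `display_name` and `"anon"` fallbacks no longer apply, and a profile without `name` yields `undefined`. This looks unintended; `return name` keeps the fallback chain. Because the per-call `sanitize()` is gone, the doc comment above the function (it starts outside the hunk) should also state that the profile must already have been sanitized at ingest, which matters for `DEFAULT_PROFILE` and any profile not produced by `sanitize_obj`.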
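Review bot: `newlines_to_br` now concatenates each `part` into an HTML string with no escaping, so every caller has to pass text that is already sanitized. The callers are outside this diff, and of the paths changed here only profile and chatroom JSON go through `sanitize_obj`. If note content or any other event field reaches this helper, it would be inserted as-is. Either keep the sanitization at this sink, or state the precondition in the doc comment above the function, for example `@param {string} str - text that has ALREADY been sanitized; this function does not escape`, and confirm each call site meets it.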