mirror of
https://github.com/mastodon/mastodon.git
synced 2024-12-23 08:41:12 +01:00
* Fix #1870 - Strip control characters out of strings in AtomSerializer * Adjust according to comment by @alpaca-tc
This commit is contained in:
parent
e4af4898de
commit
f902a335f9
1 changed files with 8 additions and 2 deletions
|
@ -3,6 +3,8 @@
|
||||||
class AtomSerializer
|
class AtomSerializer
|
||||||
include RoutingHelper
|
include RoutingHelper
|
||||||
|
|
||||||
|
INVALID_XML_CHARS = /[^\u0009\u000a\u000d\u0020-\uD7FF\uE000-\uFFFD\u10000-\u10FFFF]/
|
||||||
|
|
||||||
class << self
|
class << self
|
||||||
def render(element)
|
def render(element)
|
||||||
document = Ox::Document.new(version: '1.0')
|
document = Ox::Document.new(version: '1.0')
|
||||||
|
@ -311,11 +313,15 @@ class AtomSerializer
|
||||||
|
|
||||||
def append_element(parent, name, content = nil, attributes = {})
|
def append_element(parent, name, content = nil, attributes = {})
|
||||||
element = Ox::Element.new(name)
|
element = Ox::Element.new(name)
|
||||||
attributes.each { |k, v| element[k] = v.to_s }
|
attributes.each { |k, v| element[k] = sanitize_str(v) }
|
||||||
element << content.to_s unless content.nil?
|
element << sanitize_str(content) unless content.nil?
|
||||||
parent << element
|
parent << element
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def sanitize_str(raw_str)
|
||||||
|
raw_str.to_s.gsub(INVALID_XML_CHARS, '')
|
||||||
|
end
|
||||||
|
|
||||||
def add_namespaces(parent)
|
def add_namespaces(parent)
|
||||||
parent['xmlns'] = TagManager::XMLNS
|
parent['xmlns'] = TagManager::XMLNS
|
||||||
parent['xmlns:thr'] = TagManager::THR_XMLNS
|
parent['xmlns:thr'] = TagManager::THR_XMLNS
|
||||||
|
|
Loading…
Reference in a new issue