Sanitize remote html in atom feeds, API (not just UI), use cached mention

relations on Status#mentions
2016-03-24 12:40:55 +01:00 · 2016-03-24 12:40:55 +01:00 · c8999a116e
commit c8999a116e
parent 7cd3de3494
6 changed files with 18 additions and 31 deletions
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -12,6 +12,14 @@ module ApplicationHelper
    id.start_with?("tag:#{Rails.configuration.x.local_domain}")
  end

+  def content_for_status(actual_status)
+    if actual_status.local?
+      linkify(actual_status)
+    else
+      sanitize(actual_status.content, tags: %w(a br p), attributes: %w(href rel))
+    end
+  end
+
  def linkify(status)
    mention_hash = {}
    status.mentions.each { |m| mention_hash[m.acct] = m }
--- a/app/helpers/atom_builder_helper.rb
+++ b/app/helpers/atom_builder_helper.rb
@ -137,13 +137,7 @@ module AtomBuilderHelper

  def conditionally_formatted(activity)
    if activity.is_a?(Status)
-      if activity.reblog? && activity.reblog.local?
-        linkify(activity.reblog)
-      elsif !activity.reblog? && activity.local?
-        linkify(activity)
-      else
-        activity.content
-      end
+      content_for_status(activity.reblog? ? activity.reblog : activity)
    elsif activity.nil?
      nil
    else
--- a/app/helpers/stream_entries_helper.rb
+++ b/app/helpers/stream_entries_helper.rb
@ -27,12 +27,4 @@ module StreamEntriesHelper
  def favourited_by_me_class(status)
    user_signed_in? && current_user.account.favourited?(status) ? 'favourited' : ''
  end
-
-  def content_for_status(actual_status)
-    if actual_status.local?
-      linkify(actual_status)
-    else
-      sanitize(actual_status.content, tags: %w(a br p), attributes: %w(href rel))
-    end
-  end
 end
--- a/app/models/status.rb
+++ b/app/models/status.rb
@ -60,22 +60,15 @@ class Status < ActiveRecord::Base
  end

  def mentions
-    m = []
-
-    m << thread.account if reply?
-    m << reblog.account if reblog?
-
-    unless reblog?
-      self.text.scan(Account::MENTION_RE).each do |match|
-        uri = match.first
-        username, domain = uri.split('@')
-        account = Account.find_by(username: username, domain: domain)
-
-        m << account unless account.nil?
-      end
+    if @mentions.nil?
+      @mentions = []
+      @mentions << thread.account if reply?
+      @mentions << reblog.account if reblog?
+      self.mentioned_accounts.each { |mention| @mentions << mention.account } unless reblog?
+      @mentions = @mentions.uniq
    end

-    m.uniq
+    @mentions
  end

  def ancestors
--- a/app/views/api/statuses/show.rabl
+++ b/app/views/api/statuses/show.rabl
@ -2,7 +2,7 @@ object @status
 attributes :id, :created_at, :in_reply_to_id

 node(:uri)              { |status| uri_for_target(status) }
-node(:content)          { |status| status.local? ? linkify(status) : status.content }
+node(:content)          { |status| content_for_status(status) }
 node(:url)              { |status| url_for_target(status) }
 node(:reblogs_count)    { |status| status.reblogs_count }
 node(:favourites_count) { |status| status.favourites_count }
--- a/spec/models/status_spec.rb
+++ b/spec/models/status_spec.rb
@ -50,7 +50,7 @@ RSpec.describe Status, type: :model do
    end

    it 'returns mentioned accounts' do
-      subject.text = 'Hello @bob!'
+      subject.mentioned_accounts.create!(account: bob)
      expect(subject.mentions).to include bob
    end