gitea/nas
1
0
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Fix handling of malformed/unusual HTML (#34201)

Browse source
This commit is contained in:
Claire 2025-03-18 15:50:41 +01:00 committed by GitHub
parent 4ad5d8e6e5
commit 547658f086
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 38 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

10
app/lib/emoji_formatter.rb
View file

@ -24,7 +24,15 @@ class EmojiFormatter
def to_s
return html if custom_emojis.empty? || html.blank?
tree = Nokogiri::HTML5.fragment(html)
begin
tree = Nokogiri::HTML5.fragment(html)
rescue ArgumentError
# This can happen if one of the Nokogumbo limits is encountered
# Unfortunately, it does not use a more precise error class
# nor allows more graceful handling
return ''
end
tree.xpath('./text()|.//text()[not(ancestor[@class="invisible"])]').to_a.each do |node|
i = -1
inside_shortname = false

10
app/lib/plain_text_formatter.rb
View file

@ -16,7 +16,15 @@ class PlainTextFormatter
if local?
text
else
node = Nokogiri::HTML5.fragment(insert_newlines)
begin
node = Nokogiri::HTML5.fragment(insert_newlines)
rescue ArgumentError
# This can happen if one of the Nokogumbo limits is encountered
# Unfortunately, it does not use a more precise error class
# nor allows more graceful handling
return ''
end
# Elements that are entirely removed with our Sanitize config
node.xpath('.//iframe|.//math|.//noembed|.//noframes|.//noscript|.//plaintext|.//script|.//style|.//svg|.//xmp').remove
node.text.chomp