fedi/mastodon
1
0
Fork 1
mirror of https://github.com/mastodon/mastodon.git synced 2024-09-18 19:40:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Change verify link service to use CSS selectors instead of a complex XPath query (#31815)

Browse source
This commit is contained in:
Mike Dalessio 2024-09-08 14:50:22 -04:00 committed by GitHub
parent 10143d053a
commit afa2e257e4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 24 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/services/verify_link_service.rb
View file

@ -26,7 +26,7 @@ class VerifyLinkService < BaseService
def link_back_present?
return false if @body.blank?
links = Nokogiri::HTML5(@body).xpath('//a[contains(concat(" ", normalize-space(@rel), " "), " me ")]|//link[contains(concat(" ", normalize-space(@rel), " "), " me ")]')
links = Nokogiri::HTML5(@body).css("a[rel~='me'],link[rel~='me']")
if links.any? { |link| link['href']&.downcase == @link_back.downcase }
true

30
spec/services/verify_link_service_spec.rb
View file

@ -11,13 +11,14 @@ RSpec.describe VerifyLinkService do
before do
stub_request(:head, 'https://redirect.me/abc').to_return(status: 301, headers: { 'Location' => ActivityPub::TagManager.instance.url_for(account) })
stub_request(:head, 'http://unrelated-site.com').to_return(status: 301)
stub_request(:get, 'http://example.com').to_return(status: 200, body: html)
subject.call(field)
end
context 'when a link contains an <a> back' do
let(:html) do
<<-HTML
<<~HTML
<!doctype html>
<body>
<a href="#{ActivityPub::TagManager.instance.url_for(account)}" rel="me">Follow me on Mastodon</a>
@ -30,9 +31,9 @@ RSpec.describe VerifyLinkService do
end
end
context 'when a link contains an <a rel="noopener noreferrer"> back' do
context 'when a link contains an <a rel="me noopener noreferrer"> back' do
let(:html) do
<<-HTML
<<~HTML
<!doctype html>
<body>
<a href="#{ActivityPub::TagManager.instance.url_for(account)}" rel="me noopener noreferrer" target="_blank">Follow me on Mastodon</a>
@ -47,7 +48,7 @@ RSpec.describe VerifyLinkService do
context 'when a link contains a <link> back' do
let(:html) do
<<-HTML
<<~HTML
<!doctype html>
<head>
<link type="text/html" href="#{ActivityPub::TagManager.instance.url_for(account)}" rel="me" />
@ -62,7 +63,7 @@ RSpec.describe VerifyLinkService do
context 'when a link goes through a redirect back' do
let(:html) do
<<-HTML
<<~HTML
<!doctype html>
<head>
<link type="text/html" href="https://redirect.me/abc" rel="me" />
@ -113,7 +114,7 @@ RSpec.describe VerifyLinkService do
context 'when link has no `href` attribute' do
let(:html) do
<<-HTML
<<~HTML
<!doctype html>
<head>
<link type="text/html" rel="me" />
@ -128,6 +129,21 @@ RSpec.describe VerifyLinkService do
expect(field.verified?).to be false
end
end
context 'when a link contains a link to an unexpected URL' do
let(:html) do
<<~HTML
<!doctype html>
<body>
<a href="http://unrelated-site.com" rel="me">Follow me on Unrelated Site</a>
</body>
HTML
end
it 'does not mark the field as verified' do
expect(field.verified?).to be false
end
end
end
context 'when given a remote account' do
@ -141,7 +157,7 @@ RSpec.describe VerifyLinkService do
context 'when a link contains an <a> back' do
let(:html) do
<<-HTML
<<~HTML
<!doctype html>
<body>
<a href="https://profile.example.com/alice" rel="me">Follow me on Mastodon</a>