diff --git a/app/services/verify_link_service.rb b/app/services/verify_link_service.rb index b317fc31a8..c4f4191e1f 100644 --- a/app/services/verify_link_service.rb +++ b/app/services/verify_link_service.rb @@ -26,7 +26,7 @@ class VerifyLinkService < BaseService def link_back_present? return false if @body.blank? - links = Nokogiri::HTML5(@body).xpath('//a[contains(concat(" ", normalize-space(@rel), " "), " me ")]|//link[contains(concat(" ", normalize-space(@rel), " "), " me ")]') + links = Nokogiri::HTML5(@body).css("a[rel~='me'],link[rel~='me']") if links.any? { |link| link['href']&.downcase == @link_back.downcase } true diff --git a/spec/services/verify_link_service_spec.rb b/spec/services/verify_link_service_spec.rb index 0ce8c9a904..a4fd19751b 100644 --- a/spec/services/verify_link_service_spec.rb +++ b/spec/services/verify_link_service_spec.rb @@ -11,13 +11,14 @@ RSpec.describe VerifyLinkService do before do stub_request(:head, 'https://redirect.me/abc').to_return(status: 301, headers: { 'Location' => ActivityPub::TagManager.instance.url_for(account) }) + stub_request(:head, 'http://unrelated-site.com').to_return(status: 301) stub_request(:get, 'http://example.com').to_return(status: 200, body: html) subject.call(field) end context 'when a link contains an back' do let(:html) do - <<-HTML + <<~HTML Follow me on Mastodon @@ -30,9 +31,9 @@ RSpec.describe VerifyLinkService do end end - context 'when a link contains an back' do + context 'when a link contains an back' do let(:html) do - <<-HTML + <<~HTML Follow me on Mastodon @@ -47,7 +48,7 @@ RSpec.describe VerifyLinkService do context 'when a link contains a back' do let(:html) do - <<-HTML + <<~HTML
@@ -62,7 +63,7 @@ RSpec.describe VerifyLinkService do context 'when a link goes through a redirect back' do let(:html) do - <<-HTML + <<~HTML @@ -113,7 +114,7 @@ RSpec.describe VerifyLinkService do context 'when link has no `href` attribute' do let(:html) do - <<-HTML + <<~HTML @@ -128,6 +129,21 @@ RSpec.describe VerifyLinkService do expect(field.verified?).to be false end end + + context 'when a link contains a link to an unexpected URL' do + let(:html) do + <<~HTML + + + Follow me on Unrelated Site + + HTML + end + + it 'does not mark the field as verified' do + expect(field.verified?).to be false + end + end end context 'when given a remote account' do @@ -141,7 +157,7 @@ RSpec.describe VerifyLinkService do context 'when a link contains an back' do let(:html) do - <<-HTML + <<~HTML Follow me on Mastodon