diff options
| author |  Daenney <daenney@users.noreply.github.com> | 2023-02-22 22:36:18 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2023-02-22 21:36:18 +0000 |
| commit | 074f352709c024a04261ebb007dce6772c9eb243 (patch) | |
| tree | 6f0c9d55ebd452c3578eabacfa0404e4520f5abe /internal/web/opengraph.go | |
| parent | [chore] Deinterface processor and subprocessors (#1501) (diff) | |
| download | gotosocial-074f352709c024a04261ebb007dce6772c9eb243.tar.xz | |
[chore] improve opengraph descripiton tag (#1550)
This changes parseDescription to properly encode things to be safe for
usage without removing things like backslashes that may be relevant.
* text.SanitizePlaintext already calls html.UnescapeString so we don't
have to do that
* Replace \n with space early
* Remove duplicate white-space by splitting on fields and joining
* HTML-escape the string we have
* For extra certainty, encode the backslash as \
Fixes #1549
Diffstat (limited to 'internal/web/opengraph.go')
| -rw-r--r-- | internal/web/opengraph.go | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/internal/web/opengraph.go b/internal/web/opengraph.go index 9636e408f..6fcc524cd 100644 --- a/internal/web/opengraph.go +++ b/internal/web/opengraph.go @@ -134,11 +134,11 @@ func parseTitle(account *apimodel.Account, accountDomain string) string { // parseDescription returns a string description which is // safe to use as a template.HTMLAttr inside templates. func parseDescription(in string) string { - i := html.UnescapeString(in) - i = text.SanitizePlaintext(i) - i = strings.ReplaceAll(i, "\"", "'") - i = strings.ReplaceAll(i, `\`, "") + i := text.SanitizePlaintext(in) i = strings.ReplaceAll(i, "\n", " ") + i = strings.Join(strings.Fields(i), " ") + i = html.EscapeString(i) + i = strings.ReplaceAll(i, `\`, "\") i = trim(i, maxOGDescriptionLength) return `content="` + i + `"` } |