~vpzom/lotide

Question about lotide/hitide v1 PROPOSED

Matthias Beyer: 1
 Include cleaned HTML from remote as raw

 1 files changed, 4 insertions(+), 1 deletions(-)
While there are currently cases where hitide sanitizes content, this is
a hold-over from before lotide did sanitization. This should actually be
implemented there instead, and then frontends can trust the API response
as-is
oh noez, I replied to the wrong thread here.
I'm sorry for the messup. :'-(

Do you want me to re-send the patchset to the proper thread?
ah, okay. I will re-develop the patches for lotide.
But not today, or I will mess up even more! :-)
Export patchset (mbox)
How do I use this?

Copy & paste the following snippet into your terminal to import this patchset into git:

curl -s https://lists.sr.ht/~vpzom/lotide/patches/16212/mbox | git am -3
Learn more about email & git
View this thread in the archives

[PATCH] Include cleaned HTML from remote as raw Export this patch

Following the discussion on the ML, this implements rendering of the
remote HTML after cleaning it using ammonia.

Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
Suggested-by: Colin Reeder <colin@vpzom.click>
CC: Colin Reeder <colin@vpzom.click>
---
 src/routes/mod.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/routes/mod.rs b/src/routes/mod.rs
index 67d3ad4..18c03cb 100644
--- a/src/routes/mod.rs
+++ b/src/routes/mod.rs
@@ -1338,6 +1338,9 @@ async fn page_user(

    let title = user.as_ref().username.as_ref();

    let clean_user_desc = ammonia::clean(user.description.as_ref());
    let user_description = render::raw! { clean_user_desc.as_str() };

    Ok(html_response(render::html! {
        <HTPage base_data={&base_data} lang={&lang} title>
            <h1>{title}</h1>
@@ -1427,7 +1430,7 @@ async fn page_user(
                    None
                }
            }
            <p>{user.description.as_ref()}</p>
            <p>{ user_description }</p>
            {
                if things.is_empty() {
                    Some(render::rsx! { <p>{lang.tr("nothing", None)}</p> })
-- 
2.29.2
While there are currently cases where hitide sanitizes content, this is
a hold-over from before lotide did sanitization. This should actually be
implemented there instead, and then frontends can trust the API response
as-is
oh noez, I replied to the wrong thread here.
I'm sorry for the messup. :'-(

Do you want me to re-send the patchset to the proper thread?