use ammonia::{Builder, UrlRelative}; use diesel::{ self, deserialize::Queryable, serialize::{self, Output}, sql_types::Text, types::ToSql, }; use serde::{self, de::Visitor, Deserialize, Deserializer, Serialize, Serializer}; use std::{ borrow::{Borrow, Cow}, fmt::{self, Display}, io::Write, ops::Deref, }; lazy_static! { static ref CLEAN: Builder<'static> = { let mut b = Builder::new(); b.add_generic_attributes(&["id", "dir"]) .add_tags(&["iframe", "video", "audio", "label", "input"]) .id_prefix(Some("postcontent-")) .url_relative(UrlRelative::Custom(Box::new(url_add_prefix))) .add_tag_attributes( "iframe", ["width", "height", "src", "frameborder"].iter().cloned(), ) .add_tag_attributes("video", ["src", "title", "controls"].iter()) .add_tag_attributes("audio", ["src", "title", "controls"].iter()) .add_tag_attributes("label", ["for"].iter()) .add_tag_attributes("input", ["type", "checked"].iter()) .add_allowed_classes("input", ["cw-checkbox"].iter()) .add_allowed_classes( "span", [ "cw-container", "cw-text", //Scope classes for the syntax highlighting. "attribute-name", "comment", "constant", "control", "declaration", "entity", "function", "invalid", "keyword", "language", "modifier", "name", "numeric", "operator", "parameter", "punctuation", "source", "storage", "string", "support", "tag", "type", "variable", ] .iter(), ) // Related to https://github.com/Plume-org/Plume/issues/637 .add_allowed_classes("sup", ["footnote-reference", "footnote-definition-label"].iter()) .add_allowed_classes("div", ["footnote-definition"].iter()) .attribute_filter(|elem, att, val| match (elem, att) { ("input", "type") => Some("checkbox".into()), ("input", "checked") => Some("checked".into()), ("label", "for") => { if val.starts_with("postcontent-cw-") { Some(val.into()) } else { None } } _ => Some(val.into()), }); b }; } #[allow(clippy::unnecessary_wraps)] fn url_add_prefix(url: &str) -> Option> { if url.starts_with('#') && !url.starts_with("#postcontent-") { //if start with an # let mut new_url = "#postcontent-".to_owned(); //change to valid id new_url.push_str(&url[1..]); Some(Cow::Owned(new_url)) } else { Some(Cow::Borrowed(url)) } } #[derive(Debug, Clone, PartialEq, AsExpression, FromSqlRow, Default)] #[sql_type = "Text"] pub struct SafeString { value: String, } impl SafeString { pub fn new(value: &str) -> Self { SafeString { value: CLEAN.clean(&value).to_string(), } } /// Creates a new `SafeString`, but without escaping the given value. /// /// Only use when you are sure you can trust the input (when the HTML /// is entirely generated by Plume, not depending on user-inputed data). /// Prefer `SafeString::new` as much as possible. pub fn trusted(value: impl AsRef) -> Self { SafeString { value: value.as_ref().to_string(), } } pub fn set(&mut self, value: &str) { self.value = CLEAN.clean(value).to_string(); } pub fn get(&self) -> &String { &self.value } } impl Serialize for SafeString { fn serialize(&self, serializer: S) -> Result where S: Serializer, { serializer.serialize_str(&self.value) } } struct SafeStringVisitor; impl<'de> Visitor<'de> for SafeStringVisitor { type Value = SafeString; fn expecting(&self, formatter: &mut fmt::Formatter<'_>) -> fmt::Result { formatter.write_str("a string") } fn visit_str(self, value: &str) -> Result where E: serde::de::Error, { Ok(SafeString::new(value)) } } impl<'de> Deserialize<'de> for SafeString { fn deserialize(deserializer: D) -> Result where D: Deserializer<'de>, { Ok(deserializer.deserialize_string(SafeStringVisitor)?) } } #[cfg(all(feature = "postgres", not(feature = "sqlite")))] impl Queryable for SafeString { type Row = String; fn build(value: Self::Row) -> Self { SafeString::new(&value) } } #[cfg(all(feature = "sqlite", not(feature = "postgres")))] impl Queryable for SafeString { type Row = String; fn build(value: Self::Row) -> Self { SafeString::new(&value) } } impl ToSql for SafeString where DB: diesel::backend::Backend, str: ToSql, { fn to_sql(&self, out: &mut Output<'_, W, DB>) -> serialize::Result { str::to_sql(&self.value, out) } } impl Borrow for SafeString { fn borrow(&self) -> &str { &self.value } } impl Display for SafeString { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { write!(f, "{}", self.value) } } impl Deref for SafeString { type Target = str; fn deref(&self) -> &str { &self.value } } impl AsRef for SafeString { fn as_ref(&self) -> &str { &self.value } } use rocket::http::RawStr; use rocket::request::FromFormValue; impl<'v> FromFormValue<'v> for SafeString { type Error = &'v RawStr; fn from_form_value(form_value: &'v RawStr) -> Result { let val = String::from_form_value(form_value)?; Ok(SafeString::new(&val)) } }