dont url escape, xml escape

2010-12-15 17:43:46 -08:00 · 2010-12-15 17:43:46 -08:00 · cb5982704e
commit cb5982704e
parent 8ec85d3b12
3 changed files with 18 additions and 4 deletions
--- a/app/models/status_message.rb
+++ b/app/models/status_message.rb
@ -24,7 +24,7 @@ class StatusMessage < Post
  def to_activity
    <<-XML
  <entry>
-    <title>#{CGI::escape(self.message)}</title>
+    <title>#{x(self.message)}</title>
    <link rel="alternate" type="text/html" href="#{person.url}status_messages/#{self.id}"/>
    <id>#{person.url}status_messages/#{self.id}</id>
    <published>#{self.created_at.xmlschema}</published>
--- a/lib/diaspora/ostatus_builder.rb
+++ b/lib/diaspora/ostatus_builder.rb
@ -19,6 +19,8 @@ module Diaspora


  class OstatusBuilder
+    include Diaspora::Webhooks
+
    def initialize(user)
      @user = user
    end
@ -29,11 +31,11 @@ module Diaspora
 <feed xml:lang="en-US" xmlns="http://www.w3.org/2005/Atom" xmlns:thr="http://purl.org/syndication/thread/1.0" xmlns:georss="http://www.georss.org/georss" xmlns:activity="http://activitystrea.ms/spec/1.0/" xmlns:media="http://purl.org/syndication/atommedia" xmlns:poco="http://portablecontacts.net/spec/1.0" xmlns:ostatus="http://ostatus.org/schema/1.0" xmlns:statusnet="http://status.net/schema/api/1/">
 <generator uri="http://joindiaspora.com/">Diaspora</generator>
 <id>#{@user.public_url}.atom</id>
-<title>#{@user.name}'s Public Feed</title>
+<title>#{x@user.name)}'s Public Feed</title>
 <subtitle>Posts from Diaspora</subtitle>
 <updated>#{Time.now.xmlschema}</updated>
 <author>
-  <name>#{CGI::escape(@user.name)}</name>
+  <name>#{x(@user.name)}</name>
  <uri>#{@user.public_url}</uri>
 </author>
      XML
@ -51,7 +53,7 @@ module Diaspora
 <activity:subject>
  <activity:object-type>http://activitystrea.ms/schema/1.0/person</activity:object-type>
  <id>#{@user.public_url}</id>
-  <title>#{@user.name}</title>
+  <title>#{x(@user.name)}</title>
  <link rel="alternative" type="text/html" href="#{@user.public_url}"/>
  <link rel="avatar" type="image/jpeg" media:width="100" media:height="100" href="#{@user.profile.image_url}"/>
 </activity:subject>
--- a/lib/diaspora/webhooks.rb
+++ b/lib/diaspora/webhooks.rb
@ -11,5 +11,17 @@ module Diaspora
      xml += "</XML>"
    end

+    def x(input)
+      result.gsub!(/[&<>'"]/) do | match |
+        case match
+        when '&' then return '&amp;'
+        when '<' then return '&lt;'
+        when '>' then return '&gt;'
+        when "'" then return '&apos;'
+        when '"' then return '&quote;'
+        end
+      end
+      return result
+    end
  end
 end