Merge pull request #114 from dappforce/sanitize-content

Sanitize links in post and space contents

package.json

@@ -84,6 +84,7 @@
     "@ant-design/icons": "^4.2.1",
     "@antv/g2plot": "^2.3.10",
     "@apollo/client": "^3.7.10",
+    "@braintree/sanitize-url": "^6.0.2",
     "@hcaptcha/react-hcaptcha": "^1.4.4",
     "@opd/g2plot-react": "^2.6.0",
     "@polkadot/extension-dapp": "^0.44.6",

src/components/utils/PrivacyPolicyLinks.tsx

@@ -3,11 +3,21 @@ import { BareProps } from './types'
 
 export const PrivacyPolicyLinks = ({ className }: BareProps) => (
   <div className={clsx('d-flex justify-content-center py-3', className)}>
-    <a className='mr-2 DfBlackLink' target='_blank' href='https://subsocial.network/legal/terms'>
+    <a
+      className='mr-2 DfBlackLink'
+      target='_blank'
+      rel='noreferrer'
+      href='https://subsocial.network/legal/terms'
+    >
       Terms of Use
     </a>
     {' · '}
-    <a className='ml-2 DfBlackLink' target='_blank' href='https://subsocial.network/legal/privacy'>
+    <a
+      className='ml-2 DfBlackLink'
+      target='_blank'
+      rel='noreferrer'
+      href='https://subsocial.network/legal/privacy'
+    >
       Privacy Policy
     </a>
   </div>

src/rtk/features/contents/contentsSlice.ts

@@ -1,5 +1,6 @@
+import { sanitizeUrl } from '@braintree/sanitize-url'
 import { AsyncThunk, createAsyncThunk, createEntityAdapter, createSlice } from '@reduxjs/toolkit'
-import { isDef } from '@subsocial/utils'
+import { isDef, isObj, nonEmptyArr, nonEmptyStr } from '@subsocial/utils'
 import { createFetchOne, SelectByIdFn, ThunkApiConfig } from 'src/rtk/app/helpers'
 import { RootState } from 'src/rtk/app/rootReducer'
 import { createFetchManyDataWrapper } from 'src/rtk/app/wrappers'
@@ -9,6 +10,7 @@ import {
   convertToDerivedContent,
   DerivedContent,
   HasId,
+  NamedLink,
   PostContent,
   SharedPostContent,
   SpaceContent,
@@ -88,16 +90,43 @@ const contents = createSlice({
   name: 'contents',
   initialState: contentsAdapter.getInitialState(),
   reducers: {
-    upsertContent: contentsAdapter.upsertOne,
+    upsertContent: (state, action) => {
+      const entity = sanitizeContent(action.payload)
+      contentsAdapter.upsertOne(state, entity)
+    },
   },
   extraReducers: builder => {
-    builder.addCase(fetchContents.fulfilled, contentsAdapter.upsertMany)
-    // builder.addCase(fetchContents.rejected, (state, action) => {
-    //   state.error = action.error
-    // })
+    builder.addCase(fetchContents.fulfilled, (state, action) => {
+      const entities = action.payload.map(sanitizeContent)
+      contentsAdapter.upsertMany(state, entities)
+    })
   },
 })
 
+const sanitizeContent = (content: Content<CommonContent>): Content<CommonContent> => {
+  let canonical = (content as PostContent)?.canonical
+
+  if (canonical) {
+    canonical = sanitizeUrl(canonical)
+  }
+
+  let links = (content as SpaceContent)?.links
+
+  if (nonEmptyArr(links)) {
+    links = links.map(link => {
+      if (nonEmptyStr(link)) {
+        link = sanitizeUrl(link)
+      } else if (isObj(link)) {
+        link.url = sanitizeUrl(link.url)
+      }
+
+      return link
+    }) as string[] | NamedLink[]
+  }
+
+  return { ...content, canonical, links }
+}
+
 export const { upsertContent } = contents.actions
 
 export default contents.reducer

yarn.lock

@@ -776,6 +776,11 @@
   resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
   integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
 
+"@braintree/sanitize-url@^6.0.2":
+  version "6.0.2"
+  resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.2.tgz#6110f918d273fe2af8ea1c4398a88774bb9fc12f"
+  integrity sha512-Tbsj02wXCbqGmzdnXNk0SOF19ChhRU70BsroIi4Pm6Ehp56in6vch94mfbdQ17DozxkL3BAVjbZ4Qc1a0HFRAg==
+
 "@cnakazawa/watch@^1.0.3":
   version "1.0.4"
   resolved "https://registry.yarnpkg.com/@cnakazawa/watch/-/watch-1.0.4.tgz#f864ae85004d0fcab6f50be9141c4da368d1656a"