
escape html tags when creating html version

pull/108/head v1.11.1
Aaron Parecki 3 years ago
parent
commit
dfc620d102
3 changed files with 124 additions and 1 deletions
  1. +2
    -1
      lib/XRay/Formats/Twitter.php
  2. +9
    -0
      tests/TwitterTest.php
  3. +113
    -0
      tests/data/api.twitter.com/tweet-with-html.json

+ 2
- 1
lib/XRay/Formats/Twitter.php

@ -277,7 +277,8 @@ class Twitter extends Format {
// Twitter escapes & as & in the text // Twitter escapes & as & in the text
$text = html_entity_decode($text); $text = html_entity_decode($text);
$html = str_replace("\n", "<br>\n", $text);
$html = htmlspecialchars($text);
$html = str_replace("\n", "<br>\n", $html);
if(property_exists($entities, 'user_mentions')) { if(property_exists($entities, 'user_mentions')) {
foreach($entities->user_mentions as $user) { foreach($entities->user_mentions as $user) {
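Review bot: The added `htmlspecialchars($text)` call relies on PHP's default flags, which before PHP 8.1 leave single quotes unescaped and return an empty string when the input contains invalid UTF-8. Passing them explicitly, `$html = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, makes the escaping independent of the runtime version. The entity loops that follow now work on the escaped string, so any value they search for or splice into `$html` (screen names, URLs) presumably has to be matched and inserted in escaped form too. That code continues outside the hunk, so this needs confirming there. A comment such as `// $html is HTML-escaped from here on; only markup built by this method may be added` would record the invariant.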

+ 9
- 0
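--- a/tests/TwitterTest.php
+++ b/tests/TwitterTest.php
@@ -214,6 +214,15 @@ class TwitterTest extends PHPUnit_Framework_TestCase {
 $this->assertEquals("Hey <a href=\"https://twitter.com/OregonGovBrown\">@OregonGovBrown</a> <a href=\"https://twitter.com/tedwheeler\">@tedwheeler</a> day 16 of #BHM is for <a href=\"https://twitter.com/stream_pdx\">@stream_pdx</a>. An amazing podcast trailer run by <a href=\"https://twitter.com/tyeshasnow\">@tyeshasnow</a> helping to democratize story telling in #PDX. Folks can get training in the production of podcasts. <a href=\"https://twitter.com/siliconflorist\">@siliconflorist</a> #SupportBlackBusiness", $tweet['content']['html']);
 }
+public function testTweetWithHTML() {
+list($url, $json) = $this->loadTweet('tweet-with-html');
+$data = $this->parse(['url' => $url, 'body' => $json]);
+$this->assertContains('<script>', $data['data']['content']['text']);
+$this->assertContains('&lt;script&gt;', $data['data']['content']['html']);
+}
 public function testStreamingTweetWithLink() {
 list($url, $json) = $this->loadTweet('streaming-tweet-with-link');
 $data = $this->parse(['url' => $url, 'body' => $json]);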
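Review bot: testTweetWithHTML checks that the escaped form is present in the html but not that the raw tag is gone, so output containing both would still pass. Adding `$this->assertNotContains('<script>', $data['data']['content']['html']);` pins the property the fix is for. The fixture also carries an @dhh mention, so asserting that its `<a href="https://twitter.com/dhh">` link still appears unescaped in the html would guard against double-escaping the markup the formatter adds itself.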

+ 113
- 0
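--- a/tests/data/api.twitter.com/tweet-with-html.json
+++ b/tests/data/api.twitter.com/tweet-with-html.json
@@ -0,0 +1,113 @@
+{
+"created_at": "Wed Feb 10 12:56:18 +0000 2021",
+"id": 1359486349984714754,
+"id_str": "1359486349984714754",
+"full_text": "@dhh Last year I finally gave myself permission to ignore the entire modern JavaScript ecosystem and go back to writing front-end code by typing library-free JavaScript into a &lt;script&gt; block... and it works great!\n\nDon't even need jQuery any more, native JS absorbed its best features",
+"truncated": false,
+"display_text_range": [
+5,
+290
+],
+"entities": {
+"hashtags": [
+],
+"symbols": [
+],
+"user_mentions": [
+{
+"screen_name": "dhh",
+"name": "DHH",
+"id": 14561327,
+"id_str": "14561327",
+"indices": [
+0,
+4
+]
+}
+],
+"urls": [
+]
+},
+"source": "<a href=\"http://twitter.com/download/iphone\" rel=\"nofollow\">Twitter for iPhone</a>",
+"in_reply_to_status_id": 1359426190893862912,
+"in_reply_to_status_id_str": "1359426190893862912",
+"in_reply_to_user_id": 14561327,
+"in_reply_to_user_id_str": "14561327",
+"in_reply_to_screen_name": "dhh",
+"user": {
+"id": 12497,
+"id_str": "12497",
+"name": "Simon Willison",
+"screen_name": "simonw",
+"location": "San Francisco, CA",
+"description": "Creator of @datasetteproj, co-creator Django. @JSKstanford Fellow 2020. Collector of @nichemuseums. Usually hanging out with @natbat and @cleopaws. He/Him",
+"url": "https://t.co/wyNggeHZ8W",
+"entities": {
+"url": {
+"urls": [
+{
+"url": "https://t.co/wyNggeHZ8W",
+"expanded_url": "https://simonwillison.net/",
+"display_url": "simonwillison.net",
+"indices": [
+0,
+23
+]
+}
+]
+},
+"description": {
+"urls": [
+]
+}
+},
+"protected": false,
+"followers_count": 22281,
+"friends_count": 4380,
+"listed_count": 1310,
+"created_at": "Wed Nov 15 13:18:50 +0000 2006",
+"favourites_count": 34961,
+"utc_offset": null,
+"time_zone": null,
+"geo_enabled": true,
+"verified": true,
+"statuses_count": 25772,
+"lang": null,
+"contributors_enabled": false,
+"is_translator": false,
+"is_translation_enabled": false,
+"profile_background_color": "000000",
+"profile_background_image_url": "http://abs.twimg.com/images/themes/theme1/bg.png",
+"profile_background_image_url_https": "https://abs.twimg.com/images/themes/theme1/bg.png",
+"profile_background_tile": false,
+"profile_image_url": "http://pbs.twimg.com/profile_images/378800000261649705/be9cc55e64014e6d7663c50d7cb9fc75_normal.jpeg",
+"profile_image_url_https": "https://pbs.twimg.com/profile_images/378800000261649705/be9cc55e64014e6d7663c50d7cb9fc75_normal.jpeg",
+"profile_banner_url": "https://pbs.twimg.com/profile_banners/12497/1347977147",
+"profile_link_color": "0000FF",
+"profile_sidebar_border_color": "FFFFFF",
+"profile_sidebar_fill_color": "FFFFFF",
+"profile_text_color": "000000",
+"profile_use_background_image": true,
+"has_extended_profile": true,
+"default_profile": false,
+"default_profile_image": false,
+"following": true,
+"follow_request_sent": false,
+"notifications": false,
+"translator_type": "regular"
+},
+"geo": null,
+"coordinates": null,
+"place": null,
+"contributors": null,
+"is_quote_status": false,
+"retweet_count": 2,
+"favorite_count": 75,
+"favorited": true,
+"retweeted": false,
+"lang": "en"
+}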
