@reality.eth/reality-eth-lib 3.1.14 → 3.1.16

package/formatters/question.js

@@ -5,6 +5,9 @@ const BigNumber = require('bignumber.js');
 const ethereumjs_abi = require('ethereumjs-abi')
 const vsprintf = require("sprintf-js").vsprintf
 const QUESTION_MAX_OUTCOMES = 128;
+const marked = require('marked');
+const DOMPurify = require('isomorphic-dompurify');
+const { convert} = require('html-to-text');
 
 exports.delimiter = function() {
     return '\u241f'; // Thought about '\u0000' but it seems to break something;
@@ -176,7 +179,7 @@ exports.parseQuestionJSON = function(data, errors_to_title) {
     // Strip unicode null-terminated-string control characters if there are any.
     // These seem to be stripped already if we got data via The Graph, and only passed to us on RPC.
     data = data.replace(/\u0000/g, "");
-
+    
     var question_json;
     try {
         question_json = JSON.parse(data);
@@ -187,12 +190,15 @@ exports.parseQuestionJSON = function(data, errors_to_title) {
             'errors': {"json_parse_failed": true}
         };
     }
+
     if (question_json['outcomes'] && question_json['outcomes'].length > QUESTION_MAX_OUTCOMES) {
-        question_json['errors'] = {'too_many_outcomes': true}
+        if (!question_json['errors']) question_json['errors'] = {};
+        question_json['errors']['too_many_outcomes'] = true;
     }
     if ('type' in question_json && question_json['type'] == 'datetime' && 'precision' in question_json) {
         if (!(['Y', 'm', 'd', 'H', 'i', 's'].includes(question_json['precision']))) {
-            question_json['errors'] = {'invalid_precision': true};
+            if (!question_json['errors']) question_json['errors'] = {};
+            question_json['errors']['invalid_precision'] = true;
         }
     }
     // If errors_to_title is specified, we add any error message to the title to make sure we don't lose it
@@ -202,13 +208,57 @@ exports.parseQuestionJSON = function(data, errors_to_title) {
                 'invalid_precision': 'Invalid date format',
                 'too_many_outcomes': 'Too many outcomes'
             }
-            for (var e in question_json['errors']) {
+            for (const e in question_json['errors']) {
                 if (e in prependers) {
                     question_json['title'] = '['+prependers[e]+'] ' + question_json['title'];
                 }
             }
         }
     }
+
+    if (!question_json['format']) {
+        question_json['format'] = 'text/plain';
+    }
+
+    if (question_json['format'] == 'text/plain') {
+        question_json['title_text'] = question_json['title'];
+    } else if (question_json['format'] == 'text/markdown') {
+        try{
+            const safeMarkdown = DOMPurify.sanitize(question_json['title'], { USE_PROFILES: {html: false}});
+            if (safeMarkdown !== question_json['title']) {
+                if (!question_json['errors']) question_json['errors'] = {};
+                question_json['errors']['unsafe_markdown'] = true;
+            } else {
+                question_json['title_html'] = marked.parse(safeMarkdown).replace(/<img.*src=\"(.*?)\".*alt=\"(.*?)\".*\/?>/, '<a href="$1">$2</a>');
+                question_json['title_text'] = convert(question_json['title_html'], {
+                    selectors: [{selector: 'h1', options: { uppercase: false }}, {selector: 'h2', options: { uppercase: false }}]
+                });
+            }
+        } catch(e){
+            if (!question_json['errors']) question_json['errors'] = {};
+            question_json['errors']['markdown_parse_failed'] = true
+        }
+    } else {
+        if (!question_json['errors']) question_json['errors'] = {};
+        question_json['errors']['invalid_format'] = true;
+    }
+
+    // If errors_to_title is specified, we add any error message to the title to make sure we don't lose it
+    if (errors_to_title) {
+        if ('errors' in question_json) {
+            const prependers = {
+                'invalid_format': 'Invalid format',
+                'unsafe_markdown': 'Unsafe markdown',
+                'markdown_parse_failed': 'Bad markdown parse'
+            }
+            for (const e in question_json['errors']) {
+                if (e in prependers) {
+                    question_json['title'] = '['+prependers[e]+'] ' + question_json['title'];
+                }
+            }
+        }
+    }
+
     return question_json;
 
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@reality.eth/reality-eth-lib",
-  "version": "3.1.14",
+  "version": "3.1.16",
   "description": "Tools for handling questions in the reality.eth fact verification platform",
   "scripts": {
     "test": "env TZ='Asia/Kabul' mocha ./test"
@@ -16,10 +16,13 @@
   "author": "Edmund Edgar (https://reality.eth.link)",
   "license": "GPL-3.0",
   "dependencies": {
-    "@reality.eth/contracts": "^3.0.16",
+    "@reality.eth/contracts": "^3.0.17",
     "bignumber.js": "^7.2.1",
     "bn.js": "^5.2.1",
     "ethereumjs-abi": "^0.6.5",
+    "html-to-text": "^8.2.1",
+    "isomorphic-dompurify": "^0.23.0",
+    "marked": "^4.1.1",
     "sprintf-js": "^1.1.1"
   },
   "devDependencies": {
@@ -36,5 +39,5 @@
     "url": "https://github.com/RealityETH/monorepo/issues"
   },
   "homepage": "https://reality.eth.link",
-  "gitHead": "bf4b54cd772d0763ab0a88ee631415d8ee90b2bb"
+  "gitHead": "cb5d687e6d5fe075c7e01bf5cb06517eb211dc24"
 }

package/test/formatters.js

@@ -200,7 +200,6 @@ describe('Answer strings', function() {
     var qtext = rc_question.encodeText('multiple-select', 'oink', outcomes, 'my-category');
     var q1 = rc_question.populatedJSONForTemplate(rc_template.defaultTemplateForType('multiple-select'), qtext);
     expect(q1.errors.too_many_outcomes).to.equal(true);
-    console.log(q1.title);
     expect(q1.title).to.equal('oink');
     var q2 = rc_question.populatedJSONForTemplate(rc_template.defaultTemplateForType('multiple-select'), qtext, true);
     expect(q2.errors.too_many_outcomes).to.equal(true);
@@ -241,6 +240,32 @@ describe('Broken questions', function() {
   });
 });
 
+describe('Markdown questions', function() {
+  it('Sets title, title_html and title_text appropriatly', function() {
+    const qMarkdown = "{\"title\": \"# my title oh yes\", \"type\": \"bool\", \"category\": \"art\", \"lang\": \"en_US\", \"format\": \"text/markdown\"}";
+    const q = rc_question.parseQuestionJSON(qMarkdown, true);
+    expect(q.errors).to.equal(undefined);
+    expect(q.format).to.equal('text/markdown');
+    expect(q.title_text).to.equal('my title oh yes');
+    expect(q.title).to.equal('# my title oh yes');
+    expect(q.title_html).to.equal('<h1 id="my-title-oh-yes">my title oh yes</h1>'+"\n");
+  });
+});
+
+describe('Unsafe markdown questions', function() {
+  it('Sets an error if a question includes unsafe html in markdown', function() {
+    const qUnsafeMarkdown = "{\"title\": \"# Title <p>abc<iframe\/\/src=jAva&Tab;script:alert(3)>def<\/p>\", \"type\": \"bool\", \"category\": \"art\", \"lang\": \"en_US\", \"format\": \"text/markdown\"}";
+    const q = rc_question.parseQuestionJSON(qUnsafeMarkdown, true);
+    expect(q.errors.unsafe_markdown).to.equal(true);
+  });
+  it('Sets no error if a question includes valid markdown without html', function() {
+    const qUnsafeMarkdown = "{\"title\": \"# Title\", \"type\": \"bool\", \"category\": \"art\", \"lang\": \"en_US\", \"format\": \"text/markdown\"}";
+    const q = rc_question.parseQuestionJSON(qUnsafeMarkdown, true);
+    expect(q.errors).to.equal(undefined);
+    expect(q.format).to.equal('text/markdown');
+  });
+});
+
 describe('Commitment ID tests', function() {
   // Using rinkeby question:
   // 0xa09ce5e7943f281a782a0dc021c4029f9088bec4-0x0ade9a55d4dfca644062792d8e66cec9fbd5579761d760a6e0ae9856e81086a4