@rmdes/indiekit-endpoint-activitypub 3.13.9 → 3.13.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/inbox-handlers.js +4 -0
- package/lib/item-processing.js +3 -1
- package/package.json +1 -1
- package/lib/emoji-utils.js +0 -38
package/lib/inbox-handlers.js
CHANGED
|
@@ -43,6 +43,10 @@ import { getSettings } from "./settings.js";
|
|
|
43
43
|
/** @type {string} ActivityStreams Public Collection constant */
|
|
44
44
|
const PUBLIC = "https://www.w3.org/ns/activitystreams#Public";
|
|
45
45
|
|
|
46
|
+
// Pure addressing/visibility helpers are exported for unit testing (see
|
|
47
|
+
// tests/inbox-visibility.test.js). They are not part of the handler API.
|
|
48
|
+
export { isDirectMessage as _isDirectMessage, computeVisibility as _computeVisibility };
|
|
49
|
+
|
|
46
50
|
// ---------------------------------------------------------------------------
|
|
47
51
|
// Router
|
|
48
52
|
// ---------------------------------------------------------------------------
|
package/lib/item-processing.js
CHANGED
|
@@ -7,7 +7,9 @@
|
|
|
7
7
|
*/
|
|
8
8
|
|
|
9
9
|
import { stripQuoteReferenceHtml } from "./og-unfurl.js";
|
|
10
|
-
|
|
10
|
+
// Use the hardened replaceCustomEmoji (validates http(s) URL schemes + escapes
|
|
11
|
+
// attributes) — the render pipeline processes attacker-controlled remote emoji.
|
|
12
|
+
import { replaceCustomEmoji } from "./timeline-store.js";
|
|
11
13
|
import { shortenDisplayUrls, collapseHashtagStuffing } from "./content-utils.js";
|
|
12
14
|
|
|
13
15
|
/**
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@rmdes/indiekit-endpoint-activitypub",
|
|
3
|
-
"version": "3.13.
|
|
3
|
+
"version": "3.13.10",
|
|
4
4
|
"description": "ActivityPub federation endpoint for Indiekit via Fedify. Adds full fediverse support: actor, inbox, outbox, followers, following, syndication, and Mastodon migration.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"indiekit",
|
package/lib/emoji-utils.js
DELETED
|
@@ -1,38 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Custom emoji replacement for fediverse content.
|
|
3
|
-
*
|
|
4
|
-
* Replaces :shortcode: patterns with <img> tags for custom emoji.
|
|
5
|
-
* Must be called AFTER sanitizeContent() — the inserted <img> tags
|
|
6
|
-
* would be stripped if run through the sanitizer.
|
|
7
|
-
*/
|
|
8
|
-
|
|
9
|
-
/**
|
|
10
|
-
* Escape special regex characters in a string.
|
|
11
|
-
* @param {string} str
|
|
12
|
-
* @returns {string}
|
|
13
|
-
*/
|
|
14
|
-
function escapeRegex(str) {
|
|
15
|
-
return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
|
|
16
|
-
}
|
|
17
|
-
|
|
18
|
-
/**
|
|
19
|
-
* Replace :shortcode: patterns in HTML with custom emoji <img> tags.
|
|
20
|
-
*
|
|
21
|
-
* @param {string} html - HTML string (already sanitized)
|
|
22
|
-
* @param {Array<{shortcode: string, url: string}>} emojis - Custom emoji list
|
|
23
|
-
* @returns {string} HTML with emoji shortcodes replaced by img tags
|
|
24
|
-
*/
|
|
25
|
-
export function replaceCustomEmoji(html, emojis) {
|
|
26
|
-
if (!html || !emojis?.length) return html;
|
|
27
|
-
|
|
28
|
-
for (const emoji of emojis) {
|
|
29
|
-
if (!emoji.shortcode || !emoji.url) continue;
|
|
30
|
-
const pattern = new RegExp(`:${escapeRegex(emoji.shortcode)}:`, "g");
|
|
31
|
-
html = html.replace(
|
|
32
|
-
pattern,
|
|
33
|
-
`<img src="${emoji.url}" alt=":${emoji.shortcode}:" title=":${emoji.shortcode}:" class="ap-custom-emoji" loading="lazy">`,
|
|
34
|
-
);
|
|
35
|
-
}
|
|
36
|
-
|
|
37
|
-
return html;
|
|
38
|
-
}
|