fix: HTML-encode user-provided text

metabrainz · Nov 22, 2024 · 0d88d5a · 0d88d5a
1 parent a829809
commit 0d88d5a
Show file tree

Hide file tree

Showing 11 changed files with 96 additions and 32 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -43,6 +43,7 @@ metrics = "0.24.0"
 axum-prometheus = "0.7.0"
 # metrics-exporter-prometheus = { version = "0.15.3", default-features = false, features = ["http-listener"] }
 git-testament = "0.2.5"
+html-escape = "0.2.13"
 
 [dev-dependencies]
 expect-test = "1.5.0"

diff --git a/src/templates/edit_note.rs b/src/templates/edit_note.rs
@@ -1,5 +1,6 @@
 use std::borrow::Borrow;
 
+use html_escape::encode_text;
 use mf1::t_l_string as tl;
 use mrml::{mjml::Mjml, text::Text};
 use mrmx::WithAttribute;
@@ -31,6 +32,11 @@ pub(crate) fn edit_note(params: Value, l: Locale) -> Result<Mjml, TemplateError>
         from_name,
         message,
     } = ctx.unwrap_or_default();
+
+    let to_name = encode_text(&to_name);
+    let from_name = encode_text(&from_name);
+    let message = encode_text(&message);
+
     Ok(view! {
         <mjml>
         <mj-head>

diff --git a/src/templates/editor_message.rs b/src/templates/editor_message.rs
@@ -1,5 +1,6 @@
 use std::borrow::Borrow;
 
+use html_escape::encode_text;
 use mf1::t_l_string as tl;
 use mrml::{mjml::Mjml, text::Text};
 use mrmx::WithAttribute;
@@ -35,20 +36,26 @@ struct EditorMessage {
 pub(crate) fn editor_message(params: Value, l: Locale) -> Result<Mjml, TemplateError> {
     let ctx: Option<EditorMessage> = serde_json::from_value(params)?;
     let EditorMessage {
-        ref to_name,
-        ref from_name,
-        ref subject,
+        to_name: ref to_name_raw,
+        from_name: ref from_name_raw,
+        subject: ref subject_raw,
         message,
         contact_url,
         revealed_address,
         is_self_copy,
     } = ctx.unwrap_or_default();
+
+    let to_name = &encode_text(to_name_raw);
+    let from_name = &encode_text(from_name_raw);
+    let message = encode_text(&message);
+    let subject = &encode_text(subject_raw);
+
     // Reply via email is optional
     Ok(view! {
         <mjml>
         <mj-head>
             { head().into() }
-            <mj-title>{ tl!(l, editor_message.title, from_name, subject ).borrow() }</mj-title>
+            <mj-title>{ tl!(l, editor_message.title, from_name = from_name_raw, subject = subject_raw ).borrow() }</mj-title>
             <mj-style>"
                 div.speech {
                     position: relative;

diff --git a/src/templates/editor_report.rs b/src/templates/editor_report.rs
@@ -1,5 +1,6 @@
 use std::borrow::Borrow;
 
+use html_escape::encode_text;
 use mf1::t_l_string as tl;
 use mrml::{mjml::Mjml, text::Text};
 use mrmx::WithAttribute;
@@ -35,14 +36,19 @@ struct EditorReport {
 pub(crate) fn editor_report(params: Value, l: Locale) -> Result<Mjml, TemplateError> {
     let ctx: Option<EditorReport> = serde_json::from_value(params)?;
     let EditorReport {
-        ref reported_name,
-        ref from_name,
+        reported_name: ref reported_name_raw,
+        from_name: ref from_name_raw,
         ref reported_url,
         ref from_url,
         message,
         revealed_address,
         is_self_copy,
     } = ctx.unwrap_or_default();
+
+    let reported_name = &encode_text(reported_name_raw);
+    let from_name = &encode_text(from_name_raw);
+    let message = encode_text(&message);
+
     // Reply via email is optional
     Ok(view! {
         <mjml>
@@ -51,7 +57,7 @@ pub(crate) fn editor_report(params: Value, l: Locale) -> Result<Mjml, TemplateEr
 
             { if !is_self_copy {
                 view!{
-                    <mj-title>{ tl!(l, editor_report.title, from_name, reported_name ).borrow() }</mj-title>
+                    <mj-title>{ tl!(l, editor_report.title, from_name = from_name_raw, reported_name = reported_name_raw ).borrow() }</mj-title>
                 }.into()
             } else { view!{
                 <mj-title>{ tl!(l, editor_report.copy_title, reported_name ).borrow() }</mj-title>
@@ -96,7 +102,7 @@ pub(crate) fn editor_report(params: Value, l: Locale) -> Result<Mjml, TemplateEr
 
                 <mj-wrapper mj-class="wrapper" css-class="speech" >
                     <mj-text>
-                        <strong >{ Text::from(from_name.to_owned() + ": ").into()}</strong>
+                        <strong >{ Text::from(from_name.clone()+ ": ").into()}</strong>
                         <p class="text-no-wrap" style="white-space: pre-wrap;">
                             { Text::from(message).into()}
                         </p>
@@ -108,7 +114,7 @@ pub(crate) fn editor_report(params: Value, l: Locale) -> Result<Mjml, TemplateEr
                 <mj-wrapper mj-class="wrapper">
                     <mj-text>
                         <p>
-                            <a href={from_url}>{ Text::from(from_url).into()}</a>
+                            <a href={from_url}>{ Text::from(encode_text(from_url)).into()}</a>
                         </p>
                     </mj-text>
                 </mj-wrapper>
@@ -118,7 +124,7 @@ pub(crate) fn editor_report(params: Value, l: Locale) -> Result<Mjml, TemplateEr
                 <mj-wrapper mj-class="wrapper">
                     <mj-text>
                         <p>
-                            <a href={reported_url}>{ Text::from(reported_url).into()}</a>
+                            <a href={reported_url}>{ Text::from(encode_text(reported_url)).into()}</a>
                         </p>
                     </mj-text>
                 </mj-wrapper>

diff --git a/src/templates/email_in_use.rs b/src/templates/email_in_use.rs
@@ -1,5 +1,6 @@
 use std::borrow::Borrow;
 
+use html_escape::encode_text;
 use mf1::t_l_string as tl;
 use mrml::{mjml::Mjml, text::Text};
 use mrmx::WithAttribute;
@@ -27,6 +28,9 @@ pub(crate) fn email_in_use(params: Value, l: Locale) -> Result<Mjml, TemplateErr
         ref lost_username_url,
         ref lost_password_url,
     } = ctx.unwrap_or_default();
+
+    let to_name = &encode_text(to_name);
+
     Ok(view! {
         <mjml>
         <mj-head>
@@ -47,7 +51,7 @@ pub(crate) fn email_in_use(params: Value, l: Locale) -> Result<Mjml, TemplateErr
                 <mj-wrapper mj-class="wrapper">
                     <mj-text>
                         <p>
-                            <a href={lost_username_url}>{ Text::from(lost_username_url).into()}</a>
+                            <a href={lost_username_url}>{ Text::from(encode_text(lost_username_url)).into()}</a>
                         </p>
                     </mj-text>
                 </mj-wrapper>
@@ -57,7 +61,7 @@ pub(crate) fn email_in_use(params: Value, l: Locale) -> Result<Mjml, TemplateErr
                 <mj-wrapper mj-class="wrapper">
                     <mj-text>
                         <p>
-                            <a href={lost_password_url}>{ Text::from(lost_password_url).into()}</a>
+                            <a href={lost_password_url}>{ Text::from(encode_text(lost_password_url)).into()}</a>
                         </p>
                     </mj-text>
                 </mj-wrapper>

diff --git a/src/templates/lost_username.rs b/src/templates/lost_username.rs
@@ -1,5 +1,6 @@
 use std::borrow::Borrow;
 
+use html_escape::encode_text;
 use mf1::t_l_string as tl;
 use mrml::{mjml::Mjml, text::Text};
 use mrmx::WithAttribute;
@@ -25,6 +26,9 @@ pub(crate) fn lost_username(params: Value, l: Locale) -> Result<Mjml, TemplateEr
         ref to_name,
         ref lost_password_url,
     } = ctx.unwrap_or_default();
+
+    let to_name = &encode_text(to_name);
+
     Ok(view! {
         <mjml>
         <mj-head>
@@ -46,7 +50,7 @@ pub(crate) fn lost_username(params: Value, l: Locale) -> Result<Mjml, TemplateEr
                 <mj-wrapper mj-class="wrapper">
                     <mj-text>
                         <p>
-                            <a href={lost_password_url}>{ Text::from(lost_password_url).into()}</a>
+                            <a href={lost_password_url}>{ Text::from(encode_text(lost_password_url)).into()}</a>
                         </p>
                     </mj-text>
                 </mj-wrapper>

diff --git a/src/templates/no_vote.rs b/src/templates/no_vote.rs
@@ -1,5 +1,6 @@
 use std::borrow::Borrow;
 
+use html_escape::encode_text;
 use mf1::t_l_string as tl;
 use mrml::{mjml::Mjml, text::Text};
 use mrmx::WithAttribute;
@@ -25,13 +26,18 @@ struct NoVote {
 pub(crate) fn no_vote(params: Value, l: Locale) -> Result<Mjml, TemplateError> {
     let ctx: Option<NoVote> = serde_json::from_value(params)?;
     let NoVote {
-        to_name,
+        ref to_name,
         ref response_url,
-        subscription_settings_url,
+        ref subscription_settings_url,
         edit_id,
         ref voter_name,
         ref close_time,
     } = ctx.unwrap_or_default();
+
+    let to_name = &encode_text(to_name);
+    let voter_name = &encode_text(voter_name);
+    let close_time = &encode_text(close_time);
+
     Ok(view! {
         <mjml>
         <mj-head>
@@ -69,7 +75,7 @@ pub(crate) fn no_vote(params: Value, l: Locale) -> Result<Mjml, TemplateError> {
                 <mj-divider padding="10px 15px" border-color="#F5F5F5" border-width="3px" />
                 <mj-text font-size="12px" color="#8D8D8D">
                     <p>
-                        <a href={subscription_settings_url}>{ Text::from(tl!(l, change_subscription_settings)).into() }</a>
+                        <a href={&subscription_settings_url}>{ Text::from(tl!(l, change_subscription_settings)).into() }</a>
                     </p>
                     <p>{ Text::from(tl!(l, do_not_reply)).into() }</p>
                     // <p>"Do not reply to this message. If you need help, please "<a href="https://metabrainz.org/contact">contact us</a>.</p>

diff --git a/src/templates/reset_password.rs b/src/templates/reset_password.rs
@@ -1,5 +1,6 @@
 use std::borrow::Borrow;
 
+use html_escape::encode_text;
 use mf1::t_l_string as tl;
 use mrml::{mjml::Mjml, text::Text};
 use mrmx::WithAttribute;
@@ -20,7 +21,13 @@ struct ResetPassword {
 
 pub(crate) fn reset_password(params: Value, l: Locale) -> Result<Mjml, TemplateError> {
     let ctx: Option<ResetPassword> = serde_json::from_value(params)?;
-    let ResetPassword { to_name, reset_url } = ctx.unwrap_or_default();
+    let ResetPassword {
+        ref to_name,
+        ref reset_url,
+    } = ctx.unwrap_or_default();
+
+    let to_name = &encode_text(to_name);
+
     Ok(view! {
         <mjml>
         <mj-head>
@@ -41,7 +48,7 @@ pub(crate) fn reset_password(params: Value, l: Locale) -> Result<Mjml, TemplateE
                 <mj-wrapper mj-class="wrapper">
                     <mj-text>
                         <p>
-                            <a href={&reset_url}>{ Text::from(reset_url).into()}</a>
+                            <a href={reset_url}>{ Text::from(encode_text(reset_url)).into()}</a>
                         </p>
                     </mj-text>
                 </mj-wrapper>

diff --git a/src/templates/subscription.rs b/src/templates/subscription.rs
@@ -1,5 +1,6 @@
 use std::borrow::Borrow;
 
+use html_escape::encode_text;
 use mf1::t_l_string as tl;
 use mrml::{mjml::Mjml, text::Text};
 use mrmx::WithAttribute;
@@ -91,13 +92,15 @@ pub(crate) fn subscription(params: Value, l: Locale) -> Result<Mjml, TemplateErr
     let ctx: Option<Subscription> = serde_json::from_value(params)?;
 
     let Subscription {
-        to_name,
+        ref to_name,
         subscription_settings_url,
         edit_subscriptions_url,
         edits,
         deletes,
     } = ctx.unwrap_or_default();
-    dbg!(&edits);
+
+    let to_name = &encode_text(to_name);
+
     let mut sections = view! {<></>};
     if !edits.artist.is_empty() {
         sections.children.push(edits_for_type_template(
@@ -149,29 +152,29 @@ pub(crate) fn subscription(params: Value, l: Locale) -> Result<Mjml, TemplateErr
                 tl!(
                     l,
                     subscription.entity_with_comment,
-                    name = entity_name,
-                    comment
+                    name = encode_text(&entity_name),
+                    comment = encode_text(&comment)
                 )
             } else {
-                tl!(l, subscription.entity, name = entity_name)
+                tl!(l, subscription.entity, name = encode_text(&entity_name))
             };
             let reason = reason.unwrap_or(tl!(l, subscription.deleted_default_reason));
             let text = if let Some(edit_id) = edit_id {
                 Text::from(tl!(
                     l,
                     subscription.deleted_item_with_edit,
-                    item_type,
+                    item_type = encode_text(&item_type),
                     entity = formatted_name,
-                    reason,
+                    reason = encode_text(&reason),
                     edit_id = edit_id.to_string()
                 ))
             } else {
                 Text::from(tl!(
                     l,
                     subscription.deleted_item,
-                    item_type,
+                    item_type = encode_text(&item_type),
                     entity = formatted_name,
-                    reason
+                    reason = encode_text(&reason)
                 ))
             };
             let item: mrml::node::Node<mrml::mj_body::MjBodyChild> =
@@ -284,9 +287,9 @@ fn item_template(item: SubItem, l: Locale) -> mrml::node::Node<mrml::mj_body::Mj
     view! {
         <li><a href={entity_url}>{
             if let Some(comment) = entity_comment {
-                Text::from(tl!(l, subscription.entity_with_comment , name = entity_name, comment)).into()
+                Text::from(tl!(l, subscription.entity_with_comment , name = encode_text(entity_name), comment = encode_text(comment))).into()
             } else {
-                Text::from(tl!(l, subscription.entity , name = entity_name)).into()
+                Text::from(tl!(l, subscription.entity , name = encode_text(entity_name))).into()
             }}</a>" "
             { Text::from(tl!(l, subscription.open_applied_count , open = open_size.to_string(), applied = applied_size.to_string())).into() }</li>
     }