feat(posts): faithful (semantic) HTML rendering of post bodies
Phase 1 of milestone #64. The body is captured (Phase 0) but was shown as plain text. Now: - html_sanitize.py: widen the allowlist to a faithful-but-safe set — headings, inline images, lists, blockquote, hr, code/pre, figure, links (div/span stay stripped; their text is preserved). Benefits the existing ProvenancePanel too. - post_feed_service.get_post: add sanitized `description_html` to the DETAIL response (the feed list stays lightweight plain text by design). - PostCard.vue: render description_html via v-html once expanded (fetched with detail); collapsed + no-detail fallback stay plain text. Styled close to the source (headings, images max-width, accent links, lists, quotes, code). Tests: sanitizer (headings/img/lists survive, img javascript: src dropped); get_post returns sanitized description_html. Refs FC #830. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -22,6 +22,7 @@ from ..models import (
|
|||||||
PostAttachment,
|
PostAttachment,
|
||||||
Source,
|
Source,
|
||||||
)
|
)
|
||||||
|
from ..utils.html_sanitize import sanitize_post_html
|
||||||
from ..utils.text import html_to_plain, truncate_at_word
|
from ..utils.text import html_to_plain, truncate_at_word
|
||||||
from .gallery_service import thumbnail_url
|
from .gallery_service import thumbnail_url
|
||||||
from .pagination import decode_cursor, encode_cursor
|
from .pagination import decode_cursor, encode_cursor
|
||||||
@@ -191,6 +192,10 @@ class PostFeedService:
|
|||||||
atts_map = await self._attachments_for([post.id])
|
atts_map = await self._attachments_for([post.id])
|
||||||
item = self._to_dict(post, artist, source, thumbs_map, atts_map)
|
item = self._to_dict(post, artist, source, thumbs_map, atts_map)
|
||||||
item["description_full"] = html_to_plain(post.description)
|
item["description_full"] = html_to_plain(post.description)
|
||||||
|
# Sanitized HTML body for faithful (semantic) rendering in the post view;
|
||||||
|
# detail-only (the feed list stays lightweight plain text). None when the
|
||||||
|
# post has no body.
|
||||||
|
item["description_html"] = sanitize_post_html(post.description)
|
||||||
return item
|
return item
|
||||||
|
|
||||||
# --- composition helpers ---------------------------------------------
|
# --- composition helpers ---------------------------------------------
|
||||||
|
|||||||
@@ -8,10 +8,23 @@ bleach is deprecated upstream and intentionally not used.
|
|||||||
|
|
||||||
import nh3
|
import nh3
|
||||||
|
|
||||||
|
# A faithful-but-safe set: enough to reproduce the SEMANTIC look of a scraped
|
||||||
|
# post body (headings, lists, quotes, code, inline images, links, line breaks +
|
||||||
|
# inline emphasis) without layout-injection wrappers. `div`/`span` are
|
||||||
|
# deliberately NOT allowed — their text is preserved by nh3 and they only carry
|
||||||
|
# source-site layout/styling we don't want to import (a test pins this).
|
||||||
ALLOWED_TAGS = {
|
ALLOWED_TAGS = {
|
||||||
"p", "a", "br", "em", "strong", "b", "i", "ul", "ol", "li", "blockquote",
|
"p", "a", "br", "em", "strong", "b", "i", "u", "s",
|
||||||
|
"ul", "ol", "li", "blockquote",
|
||||||
|
"h1", "h2", "h3", "h4", "h5", "h6", "hr",
|
||||||
|
"pre", "code", "img", "figure", "figcaption",
|
||||||
}
|
}
|
||||||
ALLOWED_ATTRIBUTES = {"a": {"href", "title"}}
|
ALLOWED_ATTRIBUTES = {
|
||||||
|
"a": {"href", "title", "target"},
|
||||||
|
"img": {"src", "alt", "title", "width", "height"},
|
||||||
|
}
|
||||||
|
# http/https for hotlinked source images today; relative URLs (e.g. a local
|
||||||
|
# `/api/...` src once inline images are captured) pass through nh3 untouched.
|
||||||
ALLOWED_URL_SCHEMES = {"http", "https"}
|
ALLOWED_URL_SCHEMES = {"http", "https"}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -63,8 +63,16 @@
|
|||||||
Post {{ post.external_post_id }}
|
Post {{ post.external_post_id }}
|
||||||
</h3>
|
</h3>
|
||||||
|
|
||||||
|
<!-- Faithful (semantic) body render once expanded: backend-sanitized
|
||||||
|
HTML (headings, lists, links, inline images). Collapsed and the
|
||||||
|
no-detail fallback stay plain text. -->
|
||||||
|
<div
|
||||||
|
v-if="hasDescription && descExpanded && descHtml"
|
||||||
|
class="fc-post-card__desc fc-post-card__desc--html"
|
||||||
|
v-html="descHtml"
|
||||||
|
/>
|
||||||
<p
|
<p
|
||||||
v-if="hasDescription" ref="descEl"
|
v-else-if="hasDescription" ref="descEl"
|
||||||
class="fc-post-card__desc"
|
class="fc-post-card__desc"
|
||||||
:class="{ 'fc-post-card__desc--clamped': !descExpanded }"
|
:class="{ 'fc-post-card__desc--clamped': !descExpanded }"
|
||||||
>{{ descText }}</p>
|
>{{ descText }}</p>
|
||||||
@@ -190,6 +198,9 @@ const descEl = ref(null)
|
|||||||
|
|
||||||
const hasDescription = computed(() => !!props.post.description_plain)
|
const hasDescription = computed(() => !!props.post.description_plain)
|
||||||
const fullDescription = computed(() => detail.value?.description_full || null)
|
const fullDescription = computed(() => detail.value?.description_full || null)
|
||||||
|
// Backend-sanitized HTML body (detail-only). Drives the faithful render once
|
||||||
|
// expanded; falls back to plain text when detail isn't loaded.
|
||||||
|
const descHtml = computed(() => detail.value?.description_html || null)
|
||||||
const descText = computed(() =>
|
const descText = computed(() =>
|
||||||
descExpanded.value
|
descExpanded.value
|
||||||
? (fullDescription.value || props.post.description_plain)
|
? (fullDescription.value || props.post.description_plain)
|
||||||
@@ -219,7 +230,9 @@ onBeforeUnmount(() => { if (ro) { ro.disconnect(); ro = null } })
|
|||||||
|
|
||||||
async function toggleDesc () {
|
async function toggleDesc () {
|
||||||
if (!descExpanded.value) {
|
if (!descExpanded.value) {
|
||||||
if (props.post.description_truncated && !fullDescription.value && !detail.value) {
|
// Fetch detail on first expand to get the sanitized HTML body (and the full
|
||||||
|
// plain text) — render the formatted body, not just the truncated preview.
|
||||||
|
if (!detail.value) {
|
||||||
try {
|
try {
|
||||||
detail.value = await postsStore.getPostFull(props.post.id)
|
detail.value = await postsStore.getPostFull(props.post.id)
|
||||||
} catch { /* render the truncated text rather than nothing */ }
|
} catch { /* render the truncated text rather than nothing */ }
|
||||||
@@ -369,6 +382,58 @@ function formatBytes (n) {
|
|||||||
@container (min-width: 800px) {
|
@container (min-width: 800px) {
|
||||||
.fc-post-card__desc--clamped { -webkit-line-clamp: 5; }
|
.fc-post-card__desc--clamped { -webkit-line-clamp: 5; }
|
||||||
}
|
}
|
||||||
|
/* Faithful HTML body (expanded). Drop the plain-text pre-wrap and style the
|
||||||
|
semantic tags the backend sanitizer allows. :deep() pierces scoped CSS to
|
||||||
|
reach the v-html subtree. */
|
||||||
|
.fc-post-card__desc--html { white-space: normal; }
|
||||||
|
.fc-post-card__desc--html :deep(p) { margin: 0 0 0.6em; }
|
||||||
|
.fc-post-card__desc--html :deep(p:last-child) { margin-bottom: 0; }
|
||||||
|
.fc-post-card__desc--html :deep(h1),
|
||||||
|
.fc-post-card__desc--html :deep(h2),
|
||||||
|
.fc-post-card__desc--html :deep(h3),
|
||||||
|
.fc-post-card__desc--html :deep(h4),
|
||||||
|
.fc-post-card__desc--html :deep(h5),
|
||||||
|
.fc-post-card__desc--html :deep(h6) {
|
||||||
|
margin: 0.8em 0 0.4em;
|
||||||
|
line-height: 1.25;
|
||||||
|
font-weight: 700;
|
||||||
|
}
|
||||||
|
.fc-post-card__desc--html :deep(h1) { font-size: 1.3rem; }
|
||||||
|
.fc-post-card__desc--html :deep(h2) { font-size: 1.2rem; }
|
||||||
|
.fc-post-card__desc--html :deep(h3) { font-size: 1.1rem; }
|
||||||
|
.fc-post-card__desc--html :deep(h4),
|
||||||
|
.fc-post-card__desc--html :deep(h5),
|
||||||
|
.fc-post-card__desc--html :deep(h6) { font-size: 1rem; }
|
||||||
|
.fc-post-card__desc--html :deep(a) {
|
||||||
|
color: rgb(var(--v-theme-accent));
|
||||||
|
text-decoration: underline;
|
||||||
|
word-break: break-word;
|
||||||
|
}
|
||||||
|
.fc-post-card__desc--html :deep(img) {
|
||||||
|
max-width: 100%;
|
||||||
|
height: auto;
|
||||||
|
border-radius: 6px;
|
||||||
|
margin: 0.4em 0;
|
||||||
|
}
|
||||||
|
.fc-post-card__desc--html :deep(ul),
|
||||||
|
.fc-post-card__desc--html :deep(ol) { margin: 0 0 0.6em; padding-left: 1.4em; }
|
||||||
|
.fc-post-card__desc--html :deep(li) { margin: 0.15em 0; }
|
||||||
|
.fc-post-card__desc--html :deep(blockquote) {
|
||||||
|
margin: 0.6em 0;
|
||||||
|
padding-left: 0.8em;
|
||||||
|
border-left: 3px solid rgb(var(--v-theme-on-surface-variant));
|
||||||
|
color: rgb(var(--v-theme-on-surface-variant));
|
||||||
|
}
|
||||||
|
.fc-post-card__desc--html :deep(pre) {
|
||||||
|
background: rgba(var(--v-theme-on-surface), 0.06);
|
||||||
|
padding: 0.6em; border-radius: 6px; overflow-x: auto;
|
||||||
|
}
|
||||||
|
.fc-post-card__desc--html :deep(code) { font-family: monospace; font-size: 0.85em; }
|
||||||
|
.fc-post-card__desc--html :deep(hr) {
|
||||||
|
border: 0; border-top: 1px solid rgb(var(--v-theme-on-surface-variant));
|
||||||
|
margin: 0.8em 0; opacity: 0.4;
|
||||||
|
}
|
||||||
|
.fc-post-card__desc--html :deep(figure) { margin: 0.4em 0; }
|
||||||
.fc-post-card__desc--missing {
|
.fc-post-card__desc--missing {
|
||||||
font-style: italic;
|
font-style: italic;
|
||||||
color: rgb(var(--v-theme-on-surface-variant));
|
color: rgb(var(--v-theme-on-surface-variant));
|
||||||
|
|||||||
@@ -36,3 +36,19 @@ def test_javascript_href_dropped():
|
|||||||
out = sanitize_post_html('<a href="javascript:alert(1)">x</a>')
|
out = sanitize_post_html('<a href="javascript:alert(1)">x</a>')
|
||||||
assert "javascript:" not in out
|
assert "javascript:" not in out
|
||||||
assert "x" in out # text preserved, dangerous href removed
|
assert "x" in out # text preserved, dangerous href removed
|
||||||
|
|
||||||
|
|
||||||
|
def test_headings_lists_and_images_survive():
|
||||||
|
out = sanitize_post_html(
|
||||||
|
'<h2>Title</h2><p>x</p>'
|
||||||
|
'<img src="https://cdn.test/a.jpg" alt="art" width="200">'
|
||||||
|
'<ul><li>one</li></ul><blockquote>q</blockquote>'
|
||||||
|
)
|
||||||
|
assert "<h2>" in out
|
||||||
|
assert '<img' in out and 'src="https://cdn.test/a.jpg"' in out and 'alt="art"' in out
|
||||||
|
assert "<li>" in out and "<blockquote>" in out
|
||||||
|
|
||||||
|
|
||||||
|
def test_image_javascript_src_dropped():
|
||||||
|
out = sanitize_post_html('<img src="javascript:alert(1)" alt="x">')
|
||||||
|
assert "javascript:" not in out
|
||||||
|
|||||||
@@ -419,6 +419,24 @@ async def test_get_post_returns_full_description(db):
|
|||||||
assert len(item["description_full"]) > 280
|
assert len(item["description_full"]) > 280
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.asyncio
|
||||||
|
async def test_get_post_returns_sanitized_html_body(db):
|
||||||
|
artist = await _seed_artist(db, "alice-html")
|
||||||
|
src = await _seed_source(db, artist.id, "patreon", "https://p/alice-html")
|
||||||
|
p = await _seed_post(
|
||||||
|
db, src.id, external_id="HTMLBODY", post_date=datetime.now(UTC),
|
||||||
|
description='<h2>Heading</h2><p>body</p><script>alert(1)</script>',
|
||||||
|
)
|
||||||
|
await db.commit()
|
||||||
|
|
||||||
|
item = await PostFeedService(db).get_post(p.id)
|
||||||
|
# Detail carries the sanitized HTML body for faithful rendering; <script> is
|
||||||
|
# stripped, semantic tags survive.
|
||||||
|
assert item["description_html"] is not None
|
||||||
|
assert "<h2>" in item["description_html"]
|
||||||
|
assert "<script>" not in item["description_html"]
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.asyncio
|
@pytest.mark.asyncio
|
||||||
async def test_get_post_unknown_returns_none(db):
|
async def test_get_post_unknown_returns_none(db):
|
||||||
item = await PostFeedService(db).get_post(99999)
|
item = await PostFeedService(db).get_post(99999)
|
||||||
|
|||||||
Reference in New Issue
Block a user