AO3-6564 Strip images from more fields (#4772)

* Strip images from support/abuse autoreplies * Strip images in inbox for AdminPost replies * Style * Undo plaintext changes * Revert additional unnecessary image removal * Test for image removal in inbox
otwcode · Mar 30, 2024 · 2a99025 · 2a99025
1 parent acebcad
commit 2a99025
Show file tree

Hide file tree

Showing 7 changed files with 49 additions and 7 deletions.
diff --git a/app/views/inbox/_inbox_comment_contents.html.erb b/app/views/inbox/_inbox_comment_contents.html.erb
@@ -26,7 +26,6 @@
   <% end %>
 </div>
 
-<% # This feedback_comment used to be inbox_comment... not sure why %>
 <blockquote class="userstuff">
-  <%= raw sanitize_field(feedback_comment, :comment_content) %>
+  <%= raw sanitize_field(feedback_comment, :comment_content, strip_images: feedback_comment.ultimate_parent.is_a?(AdminPost)) %>
 </blockquote>
diff --git a/app/views/user_mailer/abuse_report.html.erb b/app/views/user_mailer/abuse_report.html.erb
@@ -21,12 +21,12 @@
 
   <p>
     <%= style_work_metadata_label(t(".copy.summary")) %>
-    <% # TODO: Remove to_plain_text when AO3-6519 is fixed. %>
-    <%= to_plain_text(raw @summary) %>
+    <%# TODO: Remove to_plain_text when AO3-6519 is fixed. %>
+    <%= to_plain_text(raw(@summary)) %>
   </p>
 
   <p><%= style_work_metadata_label(t(".copy.comment")) %></p>
-  <p><%= style_quote(raw @comment) %></p>
+  <p><%= style_quote(raw(strip_images(@comment))) %></p>
 
   <p><%= t(".thank_you") %></p>
 

diff --git a/app/views/user_mailer/feedback.html.erb b/app/views/user_mailer/feedback.html.erb
@@ -16,7 +16,7 @@
     form:
   </p>
 
-  <%= style_quote("<b>" + (raw @summary) + "</b>" + (raw @comment)) %>
+  <%= style_quote("<b>#{raw(strip_images(@summary))}</b> #{raw(strip_images(@comment))}") %>
 
   <p>
     If you have additional questions or information, do not hesitate to send in

diff --git a/features/comments_and_kudos/inbox.feature b/features/comments_and_kudos/inbox.feature
@@ -159,3 +159,12 @@ Feature: Get messages in the inbox
       And I go to the homepage
     Then I should see "sewwiththeflo on Cat Thor's Bizarre Adventure"
       And I should see "Thank you! Please go to bed."
+
+  Scenario: Reply to a comment on an admin post that contains an image
+    Given I have posted an admin post
+      And a comment "My comment" by "sewwiththeflo" on the admin post "Default Admin Post"
+      And a reply "My reply <img src='foo.jpg' />" by "unbeatablesg" on the admin post "Default Admin Post"
+    When I am logged in as "sewwiththeflo"
+      And I go to the homepage
+    Then I should see "My reply"
+      And I should not see "<img src='foo.jpg' />"
diff --git a/features/other_a/abuse_report.feature b/features/other_a/abuse_report.feature
@@ -59,3 +59,15 @@ Feature: Filing an abuse report
     And I press "Submit"
     And I should see "Your report was submitted to the Policy & Abuse team. A confirmation message has been sent to the email address you provided."
     And 1 email should be delivered
+
+  Scenario: File a report containing images
+
+  Given I am logged in as "otheruser"
+    And basic languages
+  When I follow "Policy Questions & Abuse Reports"
+    And I fill in "Description of the content you are reporting (required)" with "This is wrong"
+    And I fill in "Brief summary of Terms of Service violation (required)" with '<img src="foo.jpg" />Hi'
+    And I fill in "Link to the page you are reporting (required)" with "http://www.archiveofourown.org/works"
+    And I press "Submit"
+  Then 1 email should be delivered
+    And the email should not contain "<img src="foo.jpg" />"
diff --git a/features/other_b/support.feature b/features/other_b/support.feature
@@ -46,4 +46,14 @@ Feature: Filing a support request
     And I press "Send"
   Then I should see "Your message was sent to the Archive team - thank you!"
     And 1 email should be delivered
-
+
+  Scenario: Submit a request containing an image
+
+  Given I am logged in as "puzzled"
+    And basic languages
+  When I follow "Support & Feedback"
+    And I fill in "Brief summary" with "Just a brief note"
+    And I fill in "Your question or problem" with '<img src="foo.jpg" />Hi'
+    And I press "Send"
+  Then 1 email should be delivered
+    And the email should not contain "<img src="foo.jpg" />"
diff --git a/test/mailers/previews/user_mailer_preview.rb b/test/mailers/previews/user_mailer_preview.rb
@@ -1,4 +1,10 @@
 class UserMailerPreview < ApplicationMailerPreview
+  # Sent to a user when they submit an abuse report
+  def abuse_report_response
+    abuse_report = create(:abuse_report)
+    UserMailer.abuse_report(abuse_report.id)
+  end
+
   # Sends email when an archivist adds someone as a co-creator.
   def creatorship_notification_archivist
     second_creatorship, first_creator = creatorship_notification_data
@@ -17,6 +23,12 @@ def creatorship_request
     UserMailer.creatorship_request(second_creatorship.id, first_creator.id)
   end
 
+  # Sent to a user when the submit a support request (AKA feedback)
+  def feedback_response
+    feedback = create(:feedback)
+    UserMailer.feedback(feedback.id)
+  end
+
   private
 
   def creatorship_notification_data
-Original file line number
+Diff line change
@@ Expand Up / @@ -16,7 +16,7 @@ @@
         form:
       </p>
-      <%= style_quote("<b>" + (raw @summary) + "</b>" + (raw @comment)) %>
+      <%= style_quote("<b>#{raw(strip_images(@summary))}</b> #{raw(strip_images(@comment))}") %>
       <p>
         If you have additional questions or information, do not hesitate to send in
@@ Expand Down @@