| author | かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> | 2024-09-15 12:30:27 +0900 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-09-15 12:30:27 +0900 |
| commit | be0906a6c73726ed02a358bcbe904fa3d99713ea (patch) | |
| tree | 77976e832879c93f9930c770da55753b10b4a56a /packages/backend/src | |
| parent | fix(frontend): in MkDateSeparatedList, for the same day of different months, the separator... (diff) | |
fix(backend): fix an issue where related resources are loaded when parsing external HTML with happy-dom (#14521)
* bump happy-dom, disable all JS&c when parsing
version 10 didn't quite support disabling all of that
I have tested that `MfmService` (the other code that uses `happy-dom`)
still works fine: the RSS feed for a user is generated correctly, with
HTML rendered from MFM
(cherry picked from commit 26e0412fbb91447c37e8fb06ffb0487346063bb8)
* Update Changelog
* lint
* fix possible memory leak
---------
Co-authored-by: dakkar <dakkar@thenautilus.net>
Diffstat (limited to 'packages/backend/src')
| -rw-r--r-- | packages/backend/src/core/activitypub/ApRequestService.ts | 39 |
1 files changed, 32 insertions, 7 deletions
diff --git a/packages/backend/src/core/activitypub/ApRequestService.ts b/packages/backend/src/core/activitypub/ApRequestService.ts index 7cf8359212..805280db36 100644 --- a/packages/backend/src/core/activitypub/ApRequestService.ts +++ b/packages/backend/src/core/activitypub/ApRequestService.ts @@ -207,16 +207,41 @@ export class ApRequestService { if ((contentType ?? '').split(';')[0].trimEnd().toLowerCase() === 'text/html' && _followAlternate === true) { const html = await res.text(); - const window = new Window(); + const window = new Window({ + settings: { + disableJavaScriptEvaluation: true, + disableJavaScriptFileLoading: true, + disableCSSFileLoading: true, + disableComputedStyleRendering: true, + handleDisabledFileLoadingAsSuccess: true, + navigation: { + disableMainFrameNavigation: true, + disableChildFrameNavigation: true, + disableChildPageNavigation: true, + disableFallbackToSetURL: true, + }, + timer: { + maxTimeout: 0, + maxIntervalTime: 0, + maxIntervalIterations: 0, + }, + }, + }); const document = window.document; - document.documentElement.innerHTML = html; + try { + document.documentElement.innerHTML = html; - const alternate = document.querySelector('head > link[rel="alternate"][type="application/activity+json"]'); - if (alternate) { - const href = alternate.getAttribute('href'); - if (href) { - return await this.signedGet(href, user, false); + const alternate = document.querySelector('head > link[rel="alternate"][type="application/activity+json"]'); + if (alternate) { + const href = alternate.getAttribute('href'); + if (href) { + return await this.signedGet(href, user, false); + } } + } catch (e) { + // something went wrong parsing the HTML, ignore the whole thing + } finally { + window.close(); } } //#endregion |
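Review bot: In the new `try` block, `return await this.signedGet(href, user, false)` sits inside the `try`, so the empty `catch (e)` swallows failures of the signed request as well, not only the HTML parsing errors its comment names. Consider reading `href` inside the `try`, letting `finally { window.close(); }` run, and calling `this.signedGet` after it, so that fetch errors propagate to the caller and the window is not kept open across the network await. If parse errors are meant to be ignored, a debug-level log in the `catch` would still help when a remote page unexpectedly fails to resolve to its ActivityPub alternate.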