Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-03 23:00:14 -05:00
Code Issues Activity

Fixed posting empty comments

Browse source 
refs https://github.com/TryGhost/Team/issues/1750

- Trim whitespace from empty paragraphs
- Do not allow empty comments
- Also includes: Allow requesting the parent relationship of a comment (required for focusing comments)
This commit is contained in:
Simon Backx 2022-08-05 15:31:08 +02:00
parent 3c76172e81
commit 17a9759cf3
2 changed files with 15 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ghost/core/core/server/api/endpoints/comments-members.js
View file

@ -3,7 +3,7 @@ const tpl = require('@tryghost/tpl');
const errors = require('@tryghost/errors'); const errors = require('@tryghost/errors');
const models = require('../../models'); const models = require('../../models');
const commentsService = require('../../services/comments'); const commentsService = require('../../services/comments');
const ALLOWED_INCLUDES = ['post', 'member', 'likes', 'replies']; const ALLOWED_INCLUDES = ['post', 'member', 'likes', 'replies', 'parent'];
const UNSAFE_ATTRS = ['status']; const UNSAFE_ATTRS = ['status'];
const messages = { const messages = {

21
ghost/core/core/server/models/comment.js
View file

@ -2,24 +2,22 @@ const ghostBookshelf = require('./base');
const _ = require('lodash'); const _ = require('lodash');
const errors = require('@tryghost/errors'); const errors = require('@tryghost/errors');
const tpl = require('@tryghost/tpl'); const tpl = require('@tryghost/tpl');
const {ValidationError} = require('@tryghost/errors');
const messages = { const messages = {
emptyComment: 'The body of a comment cannot be empty',
commentNotFound: 'Comment could not be found', commentNotFound: 'Comment could not be found',
notYourCommentToEdit: 'You may only edit your own comments', notYourCommentToEdit: 'You may only edit your own comments',
notYourCommentToDestroy: 'You may only delete your own comments' notYourCommentToDestroy: 'You may only delete your own comments'
}; };
function escapeRegex(string) {
return string.replace(/[-/\\^$*+?.()|[\]{}]/g, '\\$&');
}
/** /**
* Remove empty paragraps from the start and end * Remove empty paragraps from the start and end
* + remove duplicate empty paragrapsh (only one empty line allowed) * + remove duplicate empty paragrapsh (only one empty line allowed)
*/ */
function trimParagraphs(str) { function trimParagraphs(str) {
const paragraph = '<p></p>'; const paragraph = '<p></p>';
const escapedParagraph = escapeRegex(paragraph); const escapedParagraph = '<p>\\s*?</p>';
const startReg = new RegExp('^(' + escapedParagraph + ')+'); const startReg = new RegExp('^(' + escapedParagraph + ')+');
const endReg = new RegExp('(' + escapedParagraph + ')+$'); const endReg = new RegExp('(' + escapedParagraph + ')+$');
@ -67,7 +65,7 @@ const Comment = ghostBookshelf.Model.extend({
if (this.hasChanged('html')) { if (this.hasChanged('html')) {
const sanitizeHtml = require('sanitize-html'); const sanitizeHtml = require('sanitize-html');
this.set('html', trimParagraphs( const html = trimParagraphs(
sanitizeHtml(this.get('html'), { sanitizeHtml(this.get('html'), {
allowedTags: ['p', 'br', 'a', 'blockquote'], allowedTags: ['p', 'br', 'a', 'blockquote'],
allowedAttributes: { allowedAttributes: {
@ -82,7 +80,16 @@ const Comment = ghostBookshelf.Model.extend({
}) })
} }
}) })
)); ).trim();
console.log(html);
if (html.length === 0) {
throw new ValidationError({
message: tpl(messages.emptyComment)
});
}
this.set('html', html);
} }
}, },