From feb5d9b74fa1e8454eaaf29afae3643c6d7c81f1 Mon Sep 17 00:00:00 2001
From: Andrew Godwin
Date: Fri, 11 Nov 2022 22:02:43 -0700
Subject: Got up to incoming posts working

---
 core/html.py  | 11 +++++++++++
 core/ld.py    | 30 +++++++++++++++++-------------
 core/views.py |  2 +-
 3 files changed, 29 insertions(+), 14 deletions(-)
 create mode 100644 core/html.py

(limited to 'core')

diff --git a/core/html.py b/core/html.py
new file mode 100644
index 0000000..e63dda3
--- /dev/null
+++ b/core/html.py
@@ -0,0 +1,11 @@
+import bleach
+from django.utils.safestring import mark_safe
+
+
+def sanitize_post(post_html: str) -> str:
+    """
+    Only allows a, br, p and span tags, and class attributes.
+    """
+    return mark_safe(
+        bleach.clean(post_html, tags=["a", "br", "p", "span"], attributes=["class"])
+    )
diff --git a/core/ld.py b/core/ld.py
index 2211ba9..82e2894 100644
--- a/core/ld.py
+++ b/core/ld.py
@@ -1,4 +1,5 @@
 import urllib.parse as urllib_parse
+from typing import Dict, List, Union
 
 from pyld import jsonld
 from pyld.jsonld import JsonLdError
@@ -299,24 +300,27 @@ def builtin_document_loader(url: str, options={}):
             )
 
 
-def canonicalise(json_data, include_security=False):
+def canonicalise(json_data: Dict, include_security: bool = False) -> Dict:
     """
     Given an ActivityPub JSON-LD document, round-trips it through the LD
     systems to end up in a canonicalised, compacted format.
 
+    If no context is provided, supplies one automatically.
+
     For most well-structured incoming data this won't actually do anything,
     but it's probably good to abide by the spec.
     """
-    if not isinstance(json_data, (dict, list)):
+    if not isinstance(json_data, dict):
         raise ValueError("Pass decoded JSON data into LDDocument")
-    return jsonld.compact(
-        jsonld.expand(json_data),
-        (
-            [
-                "https://www.w3.org/ns/activitystreams",
-                "https://w3id.org/security/v1",
-            ]
-            if include_security
-            else "https://www.w3.org/ns/activitystreams"
-        ),
-    )
+    context: Union[str, List[str]]
+    if include_security:
+        context = [
+            "https://www.w3.org/ns/activitystreams",
+            "https://w3id.org/security/v1",
+        ]
+    else:
+        context = "https://www.w3.org/ns/activitystreams"
+    if "@context" not in json_data:
+        json_data["@context"] = context
+
+    return jsonld.compact(jsonld.expand(json_data), context)
diff --git a/core/views.py b/core/views.py
index dbaebf9..205224c 100644
--- a/core/views.py
+++ b/core/views.py
@@ -1,6 +1,6 @@
 from django.views.generic import TemplateView
 
-from statuses.views.home import Home
+from activities.views.home import Home
 from users.models import Identity
 
 
-- 
cgit v1.2.3