rel="me" check should be case-insenstive (mastodon#32238)

Kyutech-C3 · Nov 21, 2024 · 7385016 · 7385016
1 parent dbddd40
commit 7385016
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 3 deletions.
diff --git a/app/lib/link_details_extractor.rb b/app/lib/link_details_extractor.rb
@@ -237,7 +237,7 @@ def valid_url_or_nil(str, same_origin_only: false)
   end
 
   def link_tag(name)
-    document.xpath("//link[@rel=\"#{name}\"]").pick('href')
+    document.xpath("//link[nokogiri:link_rel_include(@rel, '#{name}')]", NokogiriHandler).pick('href')
   end
 
   def opengraph_tag(name)

diff --git a/app/lib/nokogiri_handler.rb b/app/lib/nokogiri_handler.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class NokogiriHandler
+  class << self
+    # See "set of space-separated tokens" in the HTML5 spec.
+    WHITE_SPACE = /[ \x09\x0A\x0C\x0D]+/
+
+    def link_rel_include(token_list, token)
+      token_list.to_s.downcase.split(WHITE_SPACE).include?(token.downcase)
+    end
+  end
+end
diff --git a/app/services/fetch_resource_service.rb b/app/services/fetch_resource_service.rb
@@ -74,7 +74,7 @@ def expected_type?(json)
 
   def process_html(response)
     page      = Nokogiri::HTML5(response.body_with_limit)
-    json_link = page.xpath('//link[@rel="alternate"]').find { |link| ACTIVITY_STREAM_LINK_TYPES.include?(link['type']) }
+    json_link = page.xpath('//link[nokogiri:link_rel_include(@rel, "alternate")]', NokogiriHandler).find { |link| ACTIVITY_STREAM_LINK_TYPES.include?(link['type']) }
 
     process(json_link['href'], terminal: true) unless json_link.nil?
   end

diff --git a/app/services/verify_link_service.rb b/app/services/verify_link_service.rb
@@ -26,7 +26,7 @@ def perform_request!
   def link_back_present?
     return false if @body.blank?
 
-    links = Nokogiri::HTML5(@body).css("a[rel~='me'],link[rel~='me']")
+    links = Nokogiri::HTML5(@body).xpath('(//a|//link)[@rel][nokogiri:link_rel_include(@rel, "me")]', NokogiriHandler)
 
     if links.any? { |link| link['href']&.downcase == @link_back.downcase }
       true

diff --git a/spec/services/verify_link_service_spec.rb b/spec/services/verify_link_service_spec.rb
@@ -46,6 +46,21 @@
       end
     end
 
+    context 'when a link contains an <a rel=ME> back' do
+      let(:html) do
+        <<~HTML
+          <!doctype html>
+          <body>
+            <a href="#{ActivityPub::TagManager.instance.url_for(account)}" rel=ME>Follow me on Mastodon</a>
+          </body>
+        HTML
+      end
+
+      it 'marks the field as verified' do
+        expect(field.verified?).to be true
+      end
+    end
+
     context 'when a link contains a <link> back' do
       let(:html) do
         <<~HTML