From b387f4a1c1ff02573f16de0b25403cf501afc3b4 Mon Sep 17 00:00:00 2001 From: Erin Shepherd Date: Tue, 20 Feb 2024 11:31:29 +0100 Subject: [PATCH] Don't steal emoji who's shortcodes have dots or colons in their name Mastodon at the very least seems to prevent the creation of emoji with dots in their name (and refuses to accept them in federation). It feels like being cautious in what we accept is reasonable here. Colons are the emoji separator and so obviously should be blocked. Perhaps instead of filtering out things like this we should just do a regex match on `[a-zA-Z0-9_-]`? But that's plausibly a decision for another day Perhaps we should also have a centralised "is this a valid emoji shortcode?" function --- lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex b/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex index 3e1dc7d43..6c43afa58 100644 --- a/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex @@ -77,7 +77,7 @@ def filter(%{"object" => %{"emoji" => foreign_emojis, "actor" => actor}} = messa new_emojis = foreign_emojis |> Enum.reject(fn {shortcode, _url} -> shortcode in installed_emoji end) - |> Enum.reject(fn {shortcode, _url} -> String.contains?(shortcode, ["/", "\\"]) end) + |> Enum.reject(fn {shortcode, _url} -> String.contains?(shortcode, ["/", "\\", ".", ":"]) end) |> Enum.filter(fn {shortcode, _url} -> reject_emoji? = [:mrf_steal_emoji, :rejected_shortcodes]