From 3d9860012625595915df336410904e9977aea261 Mon Sep 17 00:00:00 2001
From: Jordan Petridis <jordanpetridis@protonmail.com>
Date: Tue, 3 Apr 2018 17:13:57 +0300
Subject: [PATCH] h-data: Sanitize html during Podcast/Episode parsing.

---
 Cargo.lock                             | 4 ++--
 hammond-data/src/lib.rs                | 1 +
 hammond-data/src/models/new_episode.rs | 7 ++++---
 hammond-data/src/models/new_podcast.rs | 3 ++-
 hammond-gtk/Cargo.toml                 | 1 -
 hammond-gtk/src/main.rs                | 1 -
 hammond-gtk/src/widgets/show.rs        | 6 ++----
 7 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index df6c73f..46db858 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -696,7 +696,6 @@ dependencies = [
 name = "hammond-gtk"
 version = "0.1.0"
 dependencies = [
- "ammonia 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "chrono 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "failure 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "failure_derive 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -741,8 +740,9 @@ dependencies = [
 [[package]]
 name = "html2pango"
 version = "0.1.0"
-source = "git+https://gitlab.gnome.org/danigm/html2pango#2e55f7587a2e7d75cf3ceed814fd473d60384dd2"
+source = "git+https://gitlab.gnome.org/danigm/html2pango#6dda855642d7d3cac0f1873106f2c93dc55ef293"
 dependencies = [
+ "ammonia 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "lazy_static 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "regex 0.2.10 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
diff --git a/hammond-data/src/lib.rs b/hammond-data/src/lib.rs
index d49d047..7d1d9e3 100644
--- a/hammond-data/src/lib.rs
+++ b/hammond-data/src/lib.rs
@@ -39,6 +39,7 @@ extern crate lazy_static;
 #[macro_use]
 extern crate log;
 
+extern crate ammonia;
 extern crate chrono;
 extern crate futures;
 extern crate futures_cpupool;
diff --git a/hammond-data/src/models/new_episode.rs b/hammond-data/src/models/new_episode.rs
index a86c65b..3b25fb5 100644
--- a/hammond-data/src/models/new_episode.rs
+++ b/hammond-data/src/models/new_episode.rs
@@ -1,3 +1,4 @@
+use ammonia;
 use diesel;
 use diesel::prelude::*;
 use rfc822_sanitizer::parse_from_rfc2822_with_fallback as parse_rfc822;
@@ -230,7 +231,7 @@ impl NewEpisodeMinimal {
     pub(crate) fn into_new_episode(self, item: &rss::Item) -> NewEpisode {
         let length = || -> Option<i32> { item.enclosure().map(|x| x.length().parse().ok())? }();
 
-        let description = item.description().map(|s| s.to_owned());
+        let description = item.description().map(|s| ammonia::clean(s));
 
         NewEpisodeBuilder::default()
             .title(self.title)
@@ -404,7 +405,7 @@ mod tests {
         static ref EXPECTED_LUP_1: NewEpisode = {
             let descr = "Audit your network with a couple of easy commands on Kali Linux. Chris \
                          decides to blow off a little steam by attacking his IoT devices, Wes has \
-                         the scope on Equifax blaming open source & the Beard just saved the \
+                         the scope on Equifax blaming open source &amp; the Beard just saved the \
                          show. It’s a really packed episode!";
 
             NewEpisodeBuilder::default()
@@ -427,7 +428,7 @@ mod tests {
                  concerns. But as the project takes on a new level of relevance, decisions for \
                  the next version of Gnome have us worried about the future.</p>\n\n<p>Plus we \
                  chat with Wimpy about the Ubuntu Rally in NYC, Microsoft’s sneaky move to turn \
-                 Windows 10 into the “ULTIMATE LINUX RUNTIME”, community news & more!</p>";
+                 Windows 10 into the “ULTIMATE LINUX RUNTIME”, community news &amp; more!</p>";
 
             NewEpisodeBuilder::default()
                 .title("Gnome Does it Again | LUP 213")
diff --git a/hammond-data/src/models/new_podcast.rs b/hammond-data/src/models/new_podcast.rs
index db77cbc..e888340 100644
--- a/hammond-data/src/models/new_podcast.rs
+++ b/hammond-data/src/models/new_podcast.rs
@@ -1,3 +1,4 @@
+use ammonia;
 use diesel;
 use diesel::prelude::*;
 use rss;
@@ -88,7 +89,7 @@ impl NewPodcast {
     pub(crate) fn new(chan: &rss::Channel, source_id: i32) -> NewPodcast {
         let title = chan.title().trim();
 
-        let description = chan.description().trim();
+        let description = ammonia::clean(chan.description().trim());
         let link = url_cleaner(chan.link());
         let itunes_img = chan.itunes_ext()
             .and_then(|s| s.image())
diff --git a/hammond-gtk/Cargo.toml b/hammond-gtk/Cargo.toml
index 42ade0c..fde3b8f 100644
--- a/hammond-gtk/Cargo.toml
+++ b/hammond-gtk/Cargo.toml
@@ -6,7 +6,6 @@ version = "0.1.0"
 workspace = "../"
 
 [dependencies]
-ammonia = "1.1.0"
 chrono = "0.4.1"
 gdk = "0.8.0"
 gdk-pixbuf = "0.4.0"
diff --git a/hammond-gtk/src/main.rs b/hammond-gtk/src/main.rs
index 7fa4bda..276ae35 100644
--- a/hammond-gtk/src/main.rs
+++ b/hammond-gtk/src/main.rs
@@ -23,7 +23,6 @@ extern crate log;
 #[macro_use]
 extern crate pretty_assertions;
 
-extern crate ammonia;
 extern crate chrono;
 extern crate hammond_data;
 extern crate hammond_downloader;
diff --git a/hammond-gtk/src/widgets/show.rs b/hammond-gtk/src/widgets/show.rs
index 6c38c95..bf90607 100644
--- a/hammond-gtk/src/widgets/show.rs
+++ b/hammond-gtk/src/widgets/show.rs
@@ -1,9 +1,8 @@
 use failure::Error;
 // use glib;
-use ammonia;
 use gtk;
 use gtk::prelude::*;
-use html2pango::markup as html_to_pango_markup;
+use html2pango::markup_from_raw;
 use open;
 
 use hammond_data::Podcast;
@@ -118,8 +117,7 @@ impl ShowWidget {
 
     /// Set the descripton text.
     fn set_description(&self, text: &str) {
-        self.description
-            .set_markup(&ammonia::clean(&html_to_pango_markup(text)));
+        self.description.set_markup(&markup_from_raw(text));
     }
 
     /// Set scrolled window vertical adjustment.