[engine] Chat links front#6168

Author: Ben

Core/Chat/Entities/ChatMessage.php

@@ -5,6 +5,7 @@
 use DateTimeInterface;
 use Minds\Core\Di\Di;
 use Minds\Entities\EntityInterface;
+use Minds\Helpers\Export;
 
 class ChatMessage implements EntityInterface
 {
@@ -84,8 +85,8 @@ public function export(): array
             'roomGuid' => $this->roomGuid,
             'type' => $this->getType(),
             'subtype' => $this->getSubtype(),
-            'sender' => $sender->export(),
-            'plainText' => $this->plainText,
+            'sender' => $sender?->export(),
+            'plainText' => Export::sanitizeString($this->plainText),
             'createdTimestampUnix' => $this->createdAt->getTimestamp()
         ];
     }

Core/Chat/Types/ChatMessageNode.php

@@ -4,6 +4,7 @@
 use Minds\Core\Chat\Entities\ChatMessage;
 use Minds\Core\Feeds\GraphQL\Types\UserEdge;
 use Minds\Core\GraphQL\Types\NodeInterface;
+use Minds\Helpers\Export;
 use TheCodingMachine\GraphQLite\Annotations\Field;
 use TheCodingMachine\GraphQLite\Annotations\Type;
 use TheCodingMachine\GraphQLite\Types\ID;
@@ -48,7 +49,7 @@ public function getRoomGuid(): string
     #[Field]
     public function getPlainText(): string
     {
-        return $this->chatMessage->plainText;
+        return Export::sanitizeString($this->chatMessage->plainText);
     }
 
     /**

Helpers/Export.php

@@ -24,9 +24,7 @@ public static function sanitize($array)
                 } else {
                     $return[$k] = (string) $v;
                 }
-                $return[$k] = htmlspecialchars($return[$k], ENT_NOQUOTES);
-                $return[$k] = str_replace('&', '&', $return[$k]);
-                $return[$k] = str_replace(' ', ' ', $return[$k]);
+                $return[$k] = self::sanitizeString($return[$k]);
             } elseif (is_bool($v)) {
                 $return[$k] = $v;
             } elseif (is_object($v) || is_array($v)) {
@@ -38,4 +36,15 @@ public static function sanitize($array)
 
         return $return;
     }
+
+    /**
+     * Sanitized a string for output
+     */
+    public static function sanitizeString(string $input): string
+    {
+        $output = htmlspecialchars($input, ENT_NOQUOTES);
+        $output = str_replace('&', '&', $output);
+        $output = str_replace(' ', ' ', $output);
+        return $output;
+    }
 }

Spec/Core/Chat/Entities/ChatMessageSpec.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace Spec\Minds\Core\Chat\Entities;
+
+use Minds\Core\Chat\Entities\ChatMessage;
+use PhpSpec\ObjectBehavior;
+
+class ChatMessageSpec extends ObjectBehavior
+{
+    public function let()
+    {
+        $this->beConstructedWith(1, 2, 3, '');
+    }
+
+    public function it_is_initializable()
+    {
+        $this->shouldHaveType(ChatMessage::class);
+    }
+
+    public function it_should_export_sanitized_plaintext()
+    {
+        $plainText = 'just <b>for testing</b>';
+        $this->beConstructedWith(1, 2, 3, $plainText);
+
+        $export = $this->export();
+        $export['plainText']->shouldBe('just &lt;b&gt;for testing&lt;/b&gt;');
+    }
+}

Spec/Core/Chat/Types/ChatMessageNodeSpec.php

@@ -0,0 +1,37 @@
+<?php
+
+namespace Spec\Minds\Core\Chat\Types;
+
+use Minds\Core\Chat\Entities\ChatMessage;
+use Minds\Core\Chat\Types\ChatMessageNode;
+use Minds\Core\Feeds\GraphQL\Types\UserEdge;
+use PhpSpec\ObjectBehavior;
+use PhpSpec\Wrapper\Collaborator;
+
+class ChatMessageNodeSpec extends ObjectBehavior
+{
+    private Collaborator $chatMessageMock;
+    private Collaborator $userEdgeMock;
+
+    public function let(ChatMessage $chatMessageMock, UserEdge $userEdgeMock)
+    {
+        $this->beConstructedWith($chatMessageMock, $userEdgeMock);
+        $this->chatMessageMock = $chatMessageMock;
+        $this->userEdgeMock = $userEdgeMock;
+    }
+
+    public function it_is_initializable()
+    {
+        $this->shouldHaveType(ChatMessageNode::class);
+    }
+
+    public function it_should_return_sanitized_plaintext()
+    {
+        $plainText = 'just <b>for testing</b>';
+        $chatMessage = new ChatMessage(1, 2, 3, $plainText);
+        $this->beConstructedWith($chatMessage, $this->userEdgeMock);
+
+        $this->getPlainText()->shouldBe('just &lt;b&gt;for testing&lt;/b&gt;');
+    }
+
+}