fix(backend): happy-domで外部HTMLをパースする際に関連リソースが読み込まれる問題を修正 (#14521)

* bump happy-dom, disable all JS&c when parsing

version 10 didn't quite support disabling all of that

I have tested that `MfmService` (the other code that uses `happy-dom`)
still works fine: the RSS feed for a user is generated correctly, with
HTML rendered from MFM

(cherry picked from commit 26e0412fbb91447c37e8fb06ffb0487346063bb8)

* Update Changelog

* lint

* fix possible memory leak

---------

Co-authored-by: dakkar <dakkar@thenautilus.net>
This commit is contained in:
かっこかり
2024-09-15 12:30:27 +09:00
committed by GitHub
parent e0f54d6a68
commit be0906a6c7
4 changed files with 47 additions and 10 deletions

View File

@@ -119,7 +119,7 @@
"fluent-ffmpeg": "2.1.3",
"form-data": "4.0.0",
"got": "14.4.2",
"happy-dom": "10.0.3",
"happy-dom": "15.6.1",
"hpagent": "1.2.0",
"htmlescape": "1.1.1",
"http-link-header": "1.1.3",

View File

@@ -207,16 +207,41 @@ export class ApRequestService {
if ((contentType ?? '').split(';')[0].trimEnd().toLowerCase() === 'text/html' && _followAlternate === true) {
const html = await res.text();
const window = new Window();
const window = new Window({
settings: {
disableJavaScriptEvaluation: true,
disableJavaScriptFileLoading: true,
disableCSSFileLoading: true,
disableComputedStyleRendering: true,
handleDisabledFileLoadingAsSuccess: true,
navigation: {
disableMainFrameNavigation: true,
disableChildFrameNavigation: true,
disableChildPageNavigation: true,
disableFallbackToSetURL: true,
},
timer: {
maxTimeout: 0,
maxIntervalTime: 0,
maxIntervalIterations: 0,
},
},
});
const document = window.document;
document.documentElement.innerHTML = html;
try {
document.documentElement.innerHTML = html;
const alternate = document.querySelector('head > link[rel="alternate"][type="application/activity+json"]');
if (alternate) {
const href = alternate.getAttribute('href');
if (href) {
return await this.signedGet(href, user, false);
const alternate = document.querySelector('head > link[rel="alternate"][type="application/activity+json"]');
if (alternate) {
const href = alternate.getAttribute('href');
if (href) {
return await this.signedGet(href, user, false);
}
}
} catch (e) {
// something went wrong parsing the HTML, ignore the whole thing
} finally {
window.close();
}
}
//#endregion