From d6f4f5bd511815b2cbfe09b5a5b67b587b34c062 Mon Sep 17 00:00:00 2001
From: Laura Hausmann <laura@hausmann.dev>
Date: Wed, 27 Nov 2024 04:49:17 +0100
Subject: [PATCH] [backend/libmfm] Wrap MFM payloads that cause the parser to
 time out in a MfmPlainNode

---
 .../Core/Helpers/LibMfm/Serialization/MfmSerializer.cs | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/Iceshrimp.Backend/Core/Helpers/LibMfm/Serialization/MfmSerializer.cs b/Iceshrimp.Backend/Core/Helpers/LibMfm/Serialization/MfmSerializer.cs
index 63b3a1b2..160810ce 100644
--- a/Iceshrimp.Backend/Core/Helpers/LibMfm/Serialization/MfmSerializer.cs
+++ b/Iceshrimp.Backend/Core/Helpers/LibMfm/Serialization/MfmSerializer.cs
@@ -138,6 +138,16 @@ public static class MfmSerializer
 					result.Append(end);
 					break;
 				}
+				case MfmTimeoutTextNode mfmTimeoutTextNode:
+				{
+					// This mitigates MFM DoS payloads, since every incoming note is parsed & reserialized.
+					// We need to remove all </plain> tags to make sure that the mitigation can't be bypassed by adding </plain> to the payload.
+					// Opening <plain> tags are removed because they are now unnecessary.
+					result.Append("<plain>");
+					result.Append(mfmTimeoutTextNode.Text.Replace("<plain>", "").Replace("</plain>", ""));
+					result.Append("</plain>");
+					break;
+				}
 				case MfmTextNode mfmTextNode:
 				{
 					result.Append(mfmTextNode.Text);