git.squeep.com Git - akkoma/blob - lib/pleroma/html.ex

   1 defmodule Pleroma.HTML do
   2   alias HtmlSanitizeEx.Scrubber
   3
   4   @markup Application.get_env(:pleroma, :markup)
   5
   6   def filter_tags(html) do
   7     scrubber = Keyword.get(@markup, :scrub_policy)
   8     html |> Scrubber.scrub(scrubber)
   9   end
  10
  11   def strip_tags(html) do
  12     html |> Scrubber.scrub(Scrubber.StripTags)
  13   end
  14 end
  15
  16 defmodule Pleroma.HTML.Scrubber.TwitterText do
  17   @moduledoc """
  18   An HTML scrubbing policy which limits to twitter-style text.  Only
  19   paragraphs, breaks and links are allowed through the filter.
  20   """
  21
  22   require HtmlSanitizeEx.Scrubber.Meta
  23   alias HtmlSanitizeEx.Scrubber.Meta
  24
  25   @valid_schemes ["http", "https"]
  26
  27   Meta.remove_cdata_sections_before_scrub()
  28   Meta.strip_comments()
  29
  30   # links
  31   Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes)
  32   Meta.allow_tag_with_these_attributes("a", ["name", "title"])
  33
  34   # paragraphs and linebreaks
  35   Meta.allow_tag_with_these_attributes("br", [])
  36   Meta.allow_tag_with_these_attributes("p", [])
  37
  38   # microformats
  39   Meta.allow_tag_with_these_attributes("span", [])
  40 end
  41
  42 defmodule Pleroma.HTML.Scrubber.Default do
  43   @doc "The default HTML scrubbing policy: no "
  44
  45   require HtmlSanitizeEx.Scrubber.Meta
  46   alias HtmlSanitizeEx.Scrubber.Meta
  47
  48   @valid_schemes ["http", "https"]
  49
  50   Meta.remove_cdata_sections_before_scrub()
  51   Meta.strip_comments()
  52
  53   Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes)
  54   Meta.allow_tag_with_these_attributes("a", ["name", "title"])
  55
  56   Meta.allow_tag_with_these_attributes("b", [])
  57   Meta.allow_tag_with_these_attributes("blockquote", [])
  58   Meta.allow_tag_with_these_attributes("br", [])
  59   Meta.allow_tag_with_these_attributes("code", [])
  60   Meta.allow_tag_with_these_attributes("del", [])
  61   Meta.allow_tag_with_these_attributes("em", [])
  62   Meta.allow_tag_with_these_attributes("i", [])
  63   Meta.allow_tag_with_these_attributes("li", [])
  64   Meta.allow_tag_with_these_attributes("ol", [])
  65   Meta.allow_tag_with_these_attributes("p", [])
  66   Meta.allow_tag_with_these_attributes("pre", [])
  67   Meta.allow_tag_with_these_attributes("span", [])
  68   Meta.allow_tag_with_these_attributes("strong", [])
  69   Meta.allow_tag_with_these_attributes("u", [])
  70   Meta.allow_tag_with_these_attributes("ul", [])
  71
  72   @markup Application.get_env(:pleroma, :markup)
  73   @allow_inline_images Keyword.get(@markup, :allow_inline_images)
  74
  75   if @allow_inline_images do
  76     Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes)
  77
  78     Meta.allow_tag_with_these_attributes("img", [
  79       "width",
  80       "height",
  81       "title",
  82       "alt"
  83     ])
  84   end
  85
  86   @allow_tables Keyword.get(@markup, :allow_tables)
  87
  88   if @allow_tables do
  89     Meta.allow_tag_with_these_attributes("table", [])
  90     Meta.allow_tag_with_these_attributes("tbody", [])
  91     Meta.allow_tag_with_these_attributes("td", [])
  92     Meta.allow_tag_with_these_attributes("th", [])
  93     Meta.allow_tag_with_these_attributes("thead", [])
  94     Meta.allow_tag_with_these_attributes("tr", [])
  95   end
  96
  97   @allow_headings Keyword.get(@markup, :allow_headings)
  98
  99   if @allow_headings do
 100     Meta.allow_tag_with_these_attributes("h1", [])
 101     Meta.allow_tag_with_these_attributes("h2", [])
 102     Meta.allow_tag_with_these_attributes("h3", [])
 103     Meta.allow_tag_with_these_attributes("h4", [])
 104     Meta.allow_tag_with_these_attributes("h5", [])
 105   end
 106
 107   @allow_fonts Keyword.get(@markup, :allow_fonts)
 108
 109   if @allow_fonts do
 110     Meta.allow_tag_with_these_attributes("font", ["face"])
 111   end
 112
 113   Meta.strip_everything_not_covered()
 114 end