git.squeep.com Git - akkoma/blob - lib/pleroma/html.ex

   1 defmodule Pleroma.HTML do
   2   alias HtmlSanitizeEx.Scrubber
   3
   4   @markup Application.get_env(:pleroma, :markup)
   5
   6   defp get_scrubbers(scrubber) when is_atom(scrubber), do: [scrubber]
   7   defp get_scrubbers(scrubbers) when is_list(scrubbers), do: scrubbers
   8   defp get_scrubbers(_), do: [Pleroma.HTML.Scrubber.Default]
   9
  10   def get_scrubbers() do
  11     Keyword.get(@markup, :scrub_policy)
  12     |> get_scrubbers
  13   end
  14
  15   def filter_tags(html, nil) do
  16     get_scrubbers()
  17     |> Enum.reduce(html, fn scrubber, html ->
  18       filter_tags(html, scrubber)
  19     end)
  20   end
  21
  22   def filter_tags(html, scrubber) do
  23     html |> Scrubber.scrub(scrubber)
  24   end
  25
  26   def filter_tags(html), do: filter_tags(html, nil)
  27
  28   def strip_tags(html) do
  29     html |> Scrubber.scrub(Scrubber.StripTags)
  30   end
  31 end
  32
  33 defmodule Pleroma.HTML.Scrubber.TwitterText do
  34   @moduledoc """
  35   An HTML scrubbing policy which limits to twitter-style text.  Only
  36   paragraphs, breaks and links are allowed through the filter.
  37   """
  38
  39   require HtmlSanitizeEx.Scrubber.Meta
  40   alias HtmlSanitizeEx.Scrubber.Meta
  41
  42   @valid_schemes ["http", "https"]
  43
  44   Meta.remove_cdata_sections_before_scrub()
  45   Meta.strip_comments()
  46
  47   # links
  48   Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes)
  49   Meta.allow_tag_with_these_attributes("a", ["name", "title"])
  50
  51   # paragraphs and linebreaks
  52   Meta.allow_tag_with_these_attributes("br", [])
  53   Meta.allow_tag_with_these_attributes("p", [])
  54
  55   # microformats
  56   Meta.allow_tag_with_these_attributes("span", [])
  57
  58   # allow inline images for custom emoji
  59   @markup Application.get_env(:pleroma, :markup)
  60   @allow_inline_images Keyword.get(@markup, :allow_inline_images)
  61
  62   if @allow_inline_images do
  63     Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes)
  64
  65     Meta.allow_tag_with_these_attributes("img", [
  66       "width",
  67       "height",
  68       "title",
  69       "alt"
  70     ])
  71   end
  72 end
  73
  74 defmodule Pleroma.HTML.Scrubber.Default do
  75   @doc "The default HTML scrubbing policy: no "
  76
  77   require HtmlSanitizeEx.Scrubber.Meta
  78   alias HtmlSanitizeEx.Scrubber.Meta
  79
  80   @valid_schemes ["http", "https"]
  81
  82   Meta.remove_cdata_sections_before_scrub()
  83   Meta.strip_comments()
  84
  85   Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes)
  86   Meta.allow_tag_with_these_attributes("a", ["name", "title"])
  87
  88   Meta.allow_tag_with_these_attributes("b", [])
  89   Meta.allow_tag_with_these_attributes("blockquote", [])
  90   Meta.allow_tag_with_these_attributes("br", [])
  91   Meta.allow_tag_with_these_attributes("code", [])
  92   Meta.allow_tag_with_these_attributes("del", [])
  93   Meta.allow_tag_with_these_attributes("em", [])
  94   Meta.allow_tag_with_these_attributes("i", [])
  95   Meta.allow_tag_with_these_attributes("li", [])
  96   Meta.allow_tag_with_these_attributes("ol", [])
  97   Meta.allow_tag_with_these_attributes("p", [])
  98   Meta.allow_tag_with_these_attributes("pre", [])
  99   Meta.allow_tag_with_these_attributes("span", [])
 100   Meta.allow_tag_with_these_attributes("strong", [])
 101   Meta.allow_tag_with_these_attributes("u", [])
 102   Meta.allow_tag_with_these_attributes("ul", [])
 103
 104   @markup Application.get_env(:pleroma, :markup)
 105   @allow_inline_images Keyword.get(@markup, :allow_inline_images)
 106
 107   if @allow_inline_images do
 108     Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes)
 109
 110     Meta.allow_tag_with_these_attributes("img", [
 111       "width",
 112       "height",
 113       "title",
 114       "alt"
 115     ])
 116   end
 117
 118   @allow_tables Keyword.get(@markup, :allow_tables)
 119
 120   if @allow_tables do
 121     Meta.allow_tag_with_these_attributes("table", [])
 122     Meta.allow_tag_with_these_attributes("tbody", [])
 123     Meta.allow_tag_with_these_attributes("td", [])
 124     Meta.allow_tag_with_these_attributes("th", [])
 125     Meta.allow_tag_with_these_attributes("thead", [])
 126     Meta.allow_tag_with_these_attributes("tr", [])
 127   end
 128
 129   @allow_headings Keyword.get(@markup, :allow_headings)
 130
 131   if @allow_headings do
 132     Meta.allow_tag_with_these_attributes("h1", [])
 133     Meta.allow_tag_with_these_attributes("h2", [])
 134     Meta.allow_tag_with_these_attributes("h3", [])
 135     Meta.allow_tag_with_these_attributes("h4", [])
 136     Meta.allow_tag_with_these_attributes("h5", [])
 137   end
 138
 139   @allow_fonts Keyword.get(@markup, :allow_fonts)
 140
 141   if @allow_fonts do
 142     Meta.allow_tag_with_these_attributes("font", ["face"])
 143   end
 144
 145   Meta.strip_everything_not_covered()
 146 end
 147
 148 defmodule Pleroma.HTML.Transform.MediaProxy do
 149   @moduledoc "Transforms inline image URIs to use MediaProxy."
 150
 151   alias Pleroma.Web.MediaProxy
 152
 153   def before_scrub(html), do: html
 154
 155   def scrub_attribute("img", {"src", "http" <> target}) do
 156     media_url =
 157       ("http" <> target)
 158       |> MediaProxy.url()
 159
 160     {"src", media_url}
 161   end
 162
 163   def scrub_attribute(tag, attribute), do: attribute
 164
 165   def scrub({"img", attributes, children}) do
 166     attributes =
 167       attributes
 168       |> Enum.map(fn attr -> scrub_attribute("img", attr) end)
 169       |> Enum.reject(&is_nil(&1))
 170
 171     {"img", attributes, children}
 172   end
 173
 174   def scrub({tag, attributes, children}), do: {tag, attributes, children}
 175   def scrub({tag, children}), do: children
 176   def scrub(text), do: text
 177 end