git.squeep.com Git - akkoma/blob - lib/pleroma/html.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.HTML do
   6   alias HtmlSanitizeEx.Scrubber
   7
   8   defp get_scrubbers(scrubber) when is_atom(scrubber), do: [scrubber]
   9   defp get_scrubbers(scrubbers) when is_list(scrubbers), do: scrubbers
  10   defp get_scrubbers(_), do: [Pleroma.HTML.Scrubber.Default]
  11
  12   def get_scrubbers do
  13     Pleroma.Config.get([:markup, :scrub_policy])
  14     |> get_scrubbers
  15   end
  16
  17   def filter_tags(html, nil) do
  18     filter_tags(html, get_scrubbers())
  19   end
  20
  21   def filter_tags(html, scrubbers) when is_list(scrubbers) do
  22     Enum.reduce(scrubbers, html, fn scrubber, html ->
  23       filter_tags(html, scrubber)
  24     end)
  25   end
  26
  27   def filter_tags(html, scrubber), do: Scrubber.scrub(html, scrubber)
  28   def filter_tags(html), do: filter_tags(html, nil)
  29   def strip_tags(html), do: Scrubber.scrub(html, Scrubber.StripTags)
  30
  31   def get_cached_scrubbed_html_for_activity(
  32         content,
  33         scrubbers,
  34         activity,
  35         key \\ "",
  36         callback \\ fn x -> x end
  37       ) do
  38     key = "#{key}#{generate_scrubber_signature(scrubbers)}|#{activity.id}"
  39
  40     Cachex.fetch!(:scrubber_cache, key, fn _key ->
  41       object = Pleroma.Object.normalize(activity)
  42       ensure_scrubbed_html(content, scrubbers, object.data["fake"] || false, callback)
  43     end)
  44   end
  45
  46   def get_cached_stripped_html_for_activity(content, activity, key) do
  47     get_cached_scrubbed_html_for_activity(
  48       content,
  49       HtmlSanitizeEx.Scrubber.StripTags,
  50       activity,
  51       key,
  52       &HtmlEntities.decode/1
  53     )
  54   end
  55
  56   def ensure_scrubbed_html(
  57         content,
  58         scrubbers,
  59         fake,
  60         callback
  61       ) do
  62     content =
  63       content
  64       |> filter_tags(scrubbers)
  65       |> callback.()
  66
  67     if fake do
  68       {:ignore, content}
  69     else
  70       {:commit, content}
  71     end
  72   end
  73
  74   defp generate_scrubber_signature(scrubber) when is_atom(scrubber) do
  75     generate_scrubber_signature([scrubber])
  76   end
  77
  78   defp generate_scrubber_signature(scrubbers) do
  79     Enum.reduce(scrubbers, "", fn scrubber, signature ->
  80       "#{signature}#{to_string(scrubber)}"
  81     end)
  82   end
  83
  84   def extract_first_external_url(_, nil), do: {:error, "No content"}
  85
  86   def extract_first_external_url(object, content) do
  87     key = "URL|#{object.id}"
  88
  89     Cachex.fetch!(:scrubber_cache, key, fn _key ->
  90       result =
  91         content
  92         |> Floki.filter_out("a.mention,a.hashtag,a[rel~=\"tag\"]")
  93         |> Floki.attribute("a", "href")
  94         |> Enum.at(0)
  95
  96       {:commit, {:ok, result}}
  97     end)
  98   end
  99 end
 100
 101 defmodule Pleroma.HTML.Scrubber.TwitterText do
 102   @moduledoc """
 103   An HTML scrubbing policy which limits to twitter-style text.  Only
 104   paragraphs, breaks and links are allowed through the filter.
 105   """
 106
 107   @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])
 108
 109   require HtmlSanitizeEx.Scrubber.Meta
 110   alias HtmlSanitizeEx.Scrubber.Meta
 111
 112   Meta.remove_cdata_sections_before_scrub()
 113   Meta.strip_comments()
 114
 115   # links
 116   Meta.allow_tag_with_uri_attributes("a", ["href", "data-user", "data-tag"], @valid_schemes)
 117
 118   Meta.allow_tag_with_this_attribute_values("a", "class", [
 119     "hashtag",
 120     "u-url",
 121     "mention",
 122     "u-url mention",
 123     "mention u-url"
 124   ])
 125
 126   Meta.allow_tag_with_this_attribute_values("a", "rel", [
 127     "tag",
 128     "nofollow",
 129     "noopener",
 130     "noreferrer"
 131   ])
 132
 133   Meta.allow_tag_with_these_attributes("a", ["name", "title"])
 134
 135   # paragraphs and linebreaks
 136   Meta.allow_tag_with_these_attributes("br", [])
 137   Meta.allow_tag_with_these_attributes("p", [])
 138
 139   # microformats
 140   Meta.allow_tag_with_this_attribute_values("span", "class", ["h-card"])
 141   Meta.allow_tag_with_these_attributes("span", [])
 142
 143   # allow inline images for custom emoji
 144   if Pleroma.Config.get([:markup, :allow_inline_images]) do
 145     # restrict img tags to http/https only, because of MediaProxy.
 146     Meta.allow_tag_with_uri_attributes("img", ["src"], ["http", "https"])
 147
 148     Meta.allow_tag_with_these_attributes("img", [
 149       "width",
 150       "height",
 151       "class",
 152       "title",
 153       "alt"
 154     ])
 155   end
 156
 157   Meta.strip_everything_not_covered()
 158 end
 159
 160 defmodule Pleroma.HTML.Scrubber.Default do
 161   @doc "The default HTML scrubbing policy: no "
 162
 163   require HtmlSanitizeEx.Scrubber.Meta
 164   alias HtmlSanitizeEx.Scrubber.Meta
 165   # credo:disable-for-previous-line
 166   # No idea how to fix this one…
 167
 168   @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])
 169
 170   Meta.remove_cdata_sections_before_scrub()
 171   Meta.strip_comments()
 172
 173   Meta.allow_tag_with_uri_attributes("a", ["href", "data-user", "data-tag"], @valid_schemes)
 174
 175   Meta.allow_tag_with_this_attribute_values("a", "class", [
 176     "hashtag",
 177     "u-url",
 178     "mention",
 179     "u-url mention",
 180     "mention u-url"
 181   ])
 182
 183   Meta.allow_tag_with_this_attribute_values("a", "rel", [
 184     "tag",
 185     "nofollow",
 186     "noopener",
 187     "noreferrer"
 188   ])
 189
 190   Meta.allow_tag_with_these_attributes("a", ["name", "title"])
 191
 192   Meta.allow_tag_with_these_attributes("abbr", ["title"])
 193
 194   Meta.allow_tag_with_these_attributes("b", [])
 195   Meta.allow_tag_with_these_attributes("blockquote", [])
 196   Meta.allow_tag_with_these_attributes("br", [])
 197   Meta.allow_tag_with_these_attributes("code", [])
 198   Meta.allow_tag_with_these_attributes("del", [])
 199   Meta.allow_tag_with_these_attributes("em", [])
 200   Meta.allow_tag_with_these_attributes("i", [])
 201   Meta.allow_tag_with_these_attributes("li", [])
 202   Meta.allow_tag_with_these_attributes("ol", [])
 203   Meta.allow_tag_with_these_attributes("p", [])
 204   Meta.allow_tag_with_these_attributes("pre", [])
 205   Meta.allow_tag_with_these_attributes("strong", [])
 206   Meta.allow_tag_with_these_attributes("sub", [])
 207   Meta.allow_tag_with_these_attributes("sup", [])
 208   Meta.allow_tag_with_these_attributes("u", [])
 209   Meta.allow_tag_with_these_attributes("ul", [])
 210
 211   Meta.allow_tag_with_this_attribute_values("span", "class", ["h-card"])
 212   Meta.allow_tag_with_these_attributes("span", [])
 213
 214   @allow_inline_images Pleroma.Config.get([:markup, :allow_inline_images])
 215
 216   if @allow_inline_images do
 217     # restrict img tags to http/https only, because of MediaProxy.
 218     Meta.allow_tag_with_uri_attributes("img", ["src"], ["http", "https"])
 219
 220     Meta.allow_tag_with_these_attributes("img", [
 221       "width",
 222       "height",
 223       "class",
 224       "title",
 225       "alt"
 226     ])
 227   end
 228
 229   if Pleroma.Config.get([:markup, :allow_tables]) do
 230     Meta.allow_tag_with_these_attributes("table", [])
 231     Meta.allow_tag_with_these_attributes("tbody", [])
 232     Meta.allow_tag_with_these_attributes("td", [])
 233     Meta.allow_tag_with_these_attributes("th", [])
 234     Meta.allow_tag_with_these_attributes("thead", [])
 235     Meta.allow_tag_with_these_attributes("tr", [])
 236   end
 237
 238   if Pleroma.Config.get([:markup, :allow_headings]) do
 239     Meta.allow_tag_with_these_attributes("h1", [])
 240     Meta.allow_tag_with_these_attributes("h2", [])
 241     Meta.allow_tag_with_these_attributes("h3", [])
 242     Meta.allow_tag_with_these_attributes("h4", [])
 243     Meta.allow_tag_with_these_attributes("h5", [])
 244   end
 245
 246   if Pleroma.Config.get([:markup, :allow_fonts]) do
 247     Meta.allow_tag_with_these_attributes("font", ["face"])
 248   end
 249
 250   Meta.strip_everything_not_covered()
 251 end
 252
 253 defmodule Pleroma.HTML.Transform.MediaProxy do
 254   @moduledoc "Transforms inline image URIs to use MediaProxy."
 255
 256   alias Pleroma.Web.MediaProxy
 257
 258   def before_scrub(html), do: html
 259
 260   def scrub_attribute("img", {"src", "http" <> target}) do
 261     media_url =
 262       ("http" <> target)
 263       |> MediaProxy.url()
 264
 265     {"src", media_url}
 266   end
 267
 268   def scrub_attribute(_tag, attribute), do: attribute
 269
 270   def scrub({"img", attributes, children}) do
 271     attributes =
 272       attributes
 273       |> Enum.map(fn attr -> scrub_attribute("img", attr) end)
 274       |> Enum.reject(&is_nil(&1))
 275
 276     {"img", attributes, children}
 277   end
 278
 279   def scrub({:comment, _children}), do: ""
 280
 281   def scrub({tag, attributes, children}), do: {tag, attributes, children}
 282   def scrub({_tag, children}), do: children
 283   def scrub(text), do: text
 284 end
 285
 286 defmodule Pleroma.HTML.Scrubber.LinksOnly do
 287   @moduledoc """
 288   An HTML scrubbing policy which limits to links only.
 289   """
 290
 291   @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])
 292
 293   require HtmlSanitizeEx.Scrubber.Meta
 294   alias HtmlSanitizeEx.Scrubber.Meta
 295
 296   Meta.remove_cdata_sections_before_scrub()
 297   Meta.strip_comments()
 298
 299   # links
 300   Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes)
 301
 302   Meta.allow_tag_with_this_attribute_values("a", "rel", [
 303     "tag",
 304     "nofollow",
 305     "noopener",
 306     "noreferrer",
 307     "me"
 308   ])
 309
 310   Meta.allow_tag_with_these_attributes("a", ["name", "title"])
 311   Meta.strip_everything_not_covered()
 312 end