@markup Application.get_env(:pleroma, :markup)
+ def valid_schemes() do
+ [
+ "https://",
+ "http://",
+ "dat://",
+ "dweb://",
+ "gopher://",
+ "ipfs://",
+ "ipns://",
+ "irc:",
+ "ircs:",
+ "magnet:",
+ "mailto:",
+ "mumble:",
+ "ssb://",
+ "xmpp:"
+ ]
+ end
+
defp get_scrubbers(scrubber) when is_atom(scrubber), do: [scrubber]
defp get_scrubbers(scrubbers) when is_list(scrubbers), do: scrubbers
defp get_scrubbers(_), do: [Pleroma.HTML.Scrubber.Default]
require HtmlSanitizeEx.Scrubber.Meta
alias HtmlSanitizeEx.Scrubber.Meta
- @valid_schemes ["http", "https"]
+ alias Pleroma.HTML
Meta.remove_cdata_sections_before_scrub()
Meta.strip_comments()
# links
- Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes)
+ Meta.allow_tag_with_uri_attributes("a", ["href"], HTML.valid_schemes())
Meta.allow_tag_with_these_attributes("a", ["name", "title"])
# paragraphs and linebreaks
@allow_inline_images Keyword.get(@markup, :allow_inline_images)
if @allow_inline_images do
- Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes)
+ Meta.allow_tag_with_uri_attributes("img", ["src"], HTML.valid_schemes())
Meta.allow_tag_with_these_attributes("img", [
"width",
"alt"
])
end
+
+ Meta.strip_everything_not_covered()
end
defmodule Pleroma.HTML.Scrubber.Default do
require HtmlSanitizeEx.Scrubber.Meta
alias HtmlSanitizeEx.Scrubber.Meta
- @valid_schemes ["http", "https"]
+ alias Pleroma.HTML
Meta.remove_cdata_sections_before_scrub()
Meta.strip_comments()
- Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes)
+ Meta.allow_tag_with_uri_attributes("a", ["href"], HTML.valid_schemes())
Meta.allow_tag_with_these_attributes("a", ["name", "title"])
Meta.allow_tag_with_these_attributes("b", [])
@allow_inline_images Keyword.get(@markup, :allow_inline_images)
if @allow_inline_images do
- Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes)
+ Meta.allow_tag_with_uri_attributes("img", ["src"], HTML.valid_schemes())
Meta.allow_tag_with_these_attributes("img", [
"width",