Add an endpoint /api/v1/accounts/:id/lists to get lists to which account belongs

[akkoma] / lib / pleroma / html.ex

diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex
index ab62dd1da27062356648a1bd99bdb7962ef8dd9d..fdc5e7dab9930c4adf66cad34fbd951d17dad544 100644 (file)
--- a/lib/pleroma/html.ex
+++ b/lib/pleroma/html.ex
@@ -12,17 +12,19 @@ defmodule Pleroma.HTML do
     |> get_scrubbers
   end
 
-  def filter_tags(html, scrubber) do
-    html |> Scrubber.scrub(scrubber)
-  end
-
-  def filter_tags(html) do
+  def filter_tags(html, nil) do
     get_scrubbers()
     |> Enum.reduce(html, fn scrubber, html ->
       filter_tags(html, scrubber)
     end)
   end
 
+  def filter_tags(html, scrubber) do
+    html |> Scrubber.scrub(scrubber)
+  end
+
+  def filter_tags(html), do: filter_tags(html, nil)
+
   def strip_tags(html) do
     html |> Scrubber.scrub(Scrubber.StripTags)
   end
@@ -34,10 +36,14 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do
   paragraphs, breaks and links are allowed through the filter.
   """
 
+  @markup Application.get_env(:pleroma, :markup)
+  @uri_schemes Application.get_env(:pleroma, :uri_schemes, [])
+  @valid_schemes Keyword.get(@uri_schemes, :valid_schemes, [])
+
   require HtmlSanitizeEx.Scrubber.Meta
   alias HtmlSanitizeEx.Scrubber.Meta
 
-  @valid_schemes ["http", "https"]
+  alias Pleroma.HTML
 
   Meta.remove_cdata_sections_before_scrub()
   Meta.strip_comments()
@@ -54,11 +60,11 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do
   Meta.allow_tag_with_these_attributes("span", [])
 
   # allow inline images for custom emoji
-  @markup Application.get_env(:pleroma, :markup)
   @allow_inline_images Keyword.get(@markup, :allow_inline_images)
 
   if @allow_inline_images do
-    Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes)
+    # restrict img tags to http/https only, because of MediaProxy.
+    Meta.allow_tag_with_uri_attributes("img", ["src"], ["http", "https"])
 
     Meta.allow_tag_with_these_attributes("img", [
       "width",
@@ -67,6 +73,8 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do
       "alt"
     ])
   end
+
+  Meta.strip_everything_not_covered()
 end
 
 defmodule Pleroma.HTML.Scrubber.Default do
@@ -75,7 +83,11 @@ defmodule Pleroma.HTML.Scrubber.Default do
   require HtmlSanitizeEx.Scrubber.Meta
   alias HtmlSanitizeEx.Scrubber.Meta
 
-  @valid_schemes ["http", "https"]
+  alias Pleroma.HTML
+
+  @markup Application.get_env(:pleroma, :markup)
+  @uri_schemes Application.get_env(:pleroma, :uri_schemes, [])
+  @valid_schemes Keyword.get(@uri_schemes, :valid_schemes, [])
 
   Meta.remove_cdata_sections_before_scrub()
   Meta.strip_comments()
@@ -99,11 +111,11 @@ defmodule Pleroma.HTML.Scrubber.Default do
   Meta.allow_tag_with_these_attributes("u", [])
   Meta.allow_tag_with_these_attributes("ul", [])
 
-  @markup Application.get_env(:pleroma, :markup)
   @allow_inline_images Keyword.get(@markup, :allow_inline_images)
 
   if @allow_inline_images do
-    Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes)
+    # restrict img tags to http/https only, because of MediaProxy.
+    Meta.allow_tag_with_uri_attributes("img", ["src"], ["http", "https"])
 
     Meta.allow_tag_with_these_attributes("img", [
       "width",