X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fhtml.ex;h=1b920d7fd5cf95781bbaa08d6d5f9107ad810658;hb=848151f7cbf372d008c178d13c9a74942164c955;hp=8a5ede614247f90a8d56efb4552c0d6e1a0a11f4;hpb=d7654c77de1f027091a380630559bbda9abb9540;p=akkoma diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 8a5ede614..1b920d7fd 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -1,33 +1,12 @@ defmodule Pleroma.HTML do alias HtmlSanitizeEx.Scrubber - @markup Application.get_env(:pleroma, :markup) - - def valid_schemes() do - [ - "https://", - "http://", - "dat://", - "dweb://", - "gopher://", - "ipfs://", - "ipns://", - "irc:", - "ircs:", - "magnet:", - "mailto:", - "mumble:", - "ssb://", - "xmpp:" - ] - end - defp get_scrubbers(scrubber) when is_atom(scrubber), do: [scrubber] defp get_scrubbers(scrubbers) when is_list(scrubbers), do: scrubbers defp get_scrubbers(_), do: [Pleroma.HTML.Scrubber.Default] def get_scrubbers() do - Keyword.get(@markup, :scrub_policy) + Pleroma.Config.get([:markup, :scrub_policy]) |> get_scrubbers end @@ -55,16 +34,18 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do paragraphs, breaks and links are allowed through the filter. """ + @markup Application.get_env(:pleroma, :markup) + @uri_schemes Application.get_env(:pleroma, :uri_schemes, []) + @valid_schemes Keyword.get(@uri_schemes, :valid_schemes, []) + require HtmlSanitizeEx.Scrubber.Meta alias HtmlSanitizeEx.Scrubber.Meta - alias Pleroma.HTML - Meta.remove_cdata_sections_before_scrub() Meta.strip_comments() # links - Meta.allow_tag_with_uri_attributes("a", ["href"], HTML.valid_schemes()) + Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes) Meta.allow_tag_with_these_attributes("a", ["name", "title"]) # paragraphs and linebreaks @@ -75,11 +56,11 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do Meta.allow_tag_with_these_attributes("span", []) # allow inline images for custom emoji - @markup Application.get_env(:pleroma, :markup) @allow_inline_images Keyword.get(@markup, :allow_inline_images) if @allow_inline_images do - Meta.allow_tag_with_uri_attributes("img", ["src"], HTML.valid_schemes()) + # restrict img tags to http/https only, because of MediaProxy. + Meta.allow_tag_with_uri_attributes("img", ["src"], ["http", "https"]) Meta.allow_tag_with_these_attributes("img", [ "width", @@ -98,14 +79,18 @@ defmodule Pleroma.HTML.Scrubber.Default do require HtmlSanitizeEx.Scrubber.Meta alias HtmlSanitizeEx.Scrubber.Meta - alias Pleroma.HTML + @markup Application.get_env(:pleroma, :markup) + @uri_schemes Application.get_env(:pleroma, :uri_schemes, []) + @valid_schemes Keyword.get(@uri_schemes, :valid_schemes, []) Meta.remove_cdata_sections_before_scrub() Meta.strip_comments() - Meta.allow_tag_with_uri_attributes("a", ["href"], HTML.valid_schemes()) + Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes) Meta.allow_tag_with_these_attributes("a", ["name", "title"]) + Meta.allow_tag_with_these_attributes("abbr", ["title"]) + Meta.allow_tag_with_these_attributes("b", []) Meta.allow_tag_with_these_attributes("blockquote", []) Meta.allow_tag_with_these_attributes("br", []) @@ -122,11 +107,11 @@ defmodule Pleroma.HTML.Scrubber.Default do Meta.allow_tag_with_these_attributes("u", []) Meta.allow_tag_with_these_attributes("ul", []) - @markup Application.get_env(:pleroma, :markup) @allow_inline_images Keyword.get(@markup, :allow_inline_images) if @allow_inline_images do - Meta.allow_tag_with_uri_attributes("img", ["src"], HTML.valid_schemes()) + # restrict img tags to http/https only, because of MediaProxy. + Meta.allow_tag_with_uri_attributes("img", ["src"], ["http", "https"]) Meta.allow_tag_with_these_attributes("img", [ "width", @@ -192,6 +177,8 @@ defmodule Pleroma.HTML.Transform.MediaProxy do {"img", attributes, children} end + def scrub({:comment, children}), do: "" + def scrub({tag, attributes, children}), do: {tag, attributes, children} def scrub({tag, children}), do: children def scrub(text), do: text