X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fhtml.ex;h=7f1dbe28c81ce1e9a94cb43ae96bc0291d8cfb17;hb=9aeac7dccac802073977c8149b2dda1f0ce07226;hp=fb602d6b6186335f1b4174f59fd6e70de9036648;hpb=c410fe960cfc599b7ce425ad341f172780093fcf;p=akkoma diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index fb602d6b6..7f1dbe28c 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -9,7 +9,7 @@ defmodule Pleroma.HTML do defp get_scrubbers(scrubbers) when is_list(scrubbers), do: scrubbers defp get_scrubbers(_), do: [Pleroma.HTML.Scrubber.Default] - def get_scrubbers() do + def get_scrubbers do Pleroma.Config.get([:markup, :scrub_policy]) |> get_scrubbers end @@ -28,27 +28,39 @@ defmodule Pleroma.HTML do def filter_tags(html), do: filter_tags(html, nil) def strip_tags(html), do: Scrubber.scrub(html, Scrubber.StripTags) - def get_cached_scrubbed_html_for_object(content, scrubbers, object, module) do - key = "#{module}#{generate_scrubber_signature(scrubbers)}|#{object.id}" - Cachex.fetch!(:scrubber_cache, key, fn _key -> ensure_scrubbed_html(content, scrubbers) end) + def get_cached_scrubbed_html_for_activity(content, scrubbers, activity, key \\ "") do + key = "#{key}#{generate_scrubber_signature(scrubbers)}|#{activity.id}" + + Cachex.fetch!(:scrubber_cache, key, fn _key -> + ensure_scrubbed_html(content, scrubbers, activity.data["object"]["fake"] || false) + end) end - def get_cached_stripped_html_for_object(content, object, module) do - get_cached_scrubbed_html_for_object( + def get_cached_stripped_html_for_activity(content, activity, key) do + get_cached_scrubbed_html_for_activity( content, HtmlSanitizeEx.Scrubber.StripTags, - object, - module + activity, + key ) end def ensure_scrubbed_html( content, - scrubbers + scrubbers, + false = _fake ) do {:commit, filter_tags(content, scrubbers)} end + def ensure_scrubbed_html( + content, + scrubbers, + true = _fake + ) do + {:ignore, filter_tags(content, scrubbers)} + end + defp generate_scrubber_signature(scrubber) when is_atom(scrubber) do generate_scrubber_signature([scrubber]) end @@ -59,6 +71,8 @@ defmodule Pleroma.HTML do end) end + def extract_first_external_url(_, nil), do: {:error, "No content"} + def extract_first_external_url(object, content) do key = "URL|#{object.id}" @@ -69,7 +83,7 @@ defmodule Pleroma.HTML do |> Floki.attribute("a", "href") |> Enum.at(0) - {:commit, result} + {:commit, {:ok, result}} end) end end @@ -81,8 +95,7 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do """ @markup Application.get_env(:pleroma, :markup) - @uri_schemes Application.get_env(:pleroma, :uri_schemes, []) - @valid_schemes Keyword.get(@uri_schemes, :valid_schemes, []) + @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], []) require HtmlSanitizeEx.Scrubber.Meta alias HtmlSanitizeEx.Scrubber.Meta @@ -94,6 +107,13 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do Meta.allow_tag_with_uri_attributes("a", ["href", "data-user", "data-tag"], @valid_schemes) Meta.allow_tag_with_these_attributes("a", ["name", "title", "class"]) + Meta.allow_tag_with_this_attribute_values("a", "rel", [ + "tag", + "nofollow", + "noopener", + "noreferrer" + ]) + # paragraphs and linebreaks Meta.allow_tag_with_these_attributes("br", []) Meta.allow_tag_with_these_attributes("p", []) @@ -124,10 +144,11 @@ defmodule Pleroma.HTML.Scrubber.Default do require HtmlSanitizeEx.Scrubber.Meta alias HtmlSanitizeEx.Scrubber.Meta + # credo:disable-for-previous-line + # No idea how to fix this one… @markup Application.get_env(:pleroma, :markup) - @uri_schemes Application.get_env(:pleroma, :uri_schemes, []) - @valid_schemes Keyword.get(@uri_schemes, :valid_schemes, []) + @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], []) Meta.remove_cdata_sections_before_scrub() Meta.strip_comments() @@ -135,6 +156,13 @@ defmodule Pleroma.HTML.Scrubber.Default do Meta.allow_tag_with_uri_attributes("a", ["href", "data-user", "data-tag"], @valid_schemes) Meta.allow_tag_with_these_attributes("a", ["name", "title", "class"]) + Meta.allow_tag_with_this_attribute_values("a", "rel", [ + "tag", + "nofollow", + "noopener", + "noreferrer" + ]) + Meta.allow_tag_with_these_attributes("abbr", ["title"]) Meta.allow_tag_with_these_attributes("b", [])