1 defmodule Pleroma.HTML.Scrubber.Default do
2 @doc "The default HTML scrubbing policy: no "
4 require FastSanitize.Sanitizer.Meta
5 alias FastSanitize.Sanitizer.Meta
7 # credo:disable-for-previous-line
8 # No idea how to fix this oneā¦
10 @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])
14 Meta.allow_tag_with_uri_attributes(:a, ["href", "data-user", "data-tag"], @valid_schemes)
16 Meta.allow_tag_with_this_attribute_values(:a, "class", [
24 Meta.allow_tag_with_this_attribute_values(:a, "rel", [
32 Meta.allow_tag_with_these_attributes(:a, ["name", "title"])
34 Meta.allow_tag_with_these_attributes(:abbr, ["title"])
36 Meta.allow_tag_with_these_attributes(:b, [])
37 Meta.allow_tag_with_these_attributes(:blockquote, [])
38 Meta.allow_tag_with_these_attributes(:br, [])
39 Meta.allow_tag_with_these_attributes(:code, [])
40 Meta.allow_tag_with_these_attributes(:del, [])
41 Meta.allow_tag_with_these_attributes(:em, [])
42 Meta.allow_tag_with_these_attributes(:hr, [])
43 Meta.allow_tag_with_these_attributes(:i, [])
44 Meta.allow_tag_with_these_attributes(:li, [])
45 Meta.allow_tag_with_these_attributes(:ol, [])
46 Meta.allow_tag_with_these_attributes(:p, [])
47 Meta.allow_tag_with_these_attributes(:pre, [])
48 Meta.allow_tag_with_these_attributes(:strong, [])
49 Meta.allow_tag_with_these_attributes(:sub, [])
50 Meta.allow_tag_with_these_attributes(:sup, [])
51 Meta.allow_tag_with_these_attributes(:ruby, [])
52 Meta.allow_tag_with_these_attributes(:rb, [])
53 Meta.allow_tag_with_these_attributes(:rp, [])
54 Meta.allow_tag_with_these_attributes(:rt, [])
55 Meta.allow_tag_with_these_attributes(:rtc, [])
56 Meta.allow_tag_with_these_attributes(:u, [])
57 Meta.allow_tag_with_these_attributes(:ul, [])
59 Meta.allow_tags_with_style_attributes([:span])
61 Meta.allow_tag_with_this_attribute_values(:span, "class", [
81 Meta.allow_tag_with_these_attributes(:span, [
90 Meta.allow_tag_with_this_attribute_values(:code, "class", ["inline"])
92 @allow_inline_images Pleroma.Config.get([:markup, :allow_inline_images])
94 if @allow_inline_images do
95 # restrict img tags to http/https only, because of MediaProxy.
96 Meta.allow_tag_with_uri_attributes(:img, ["src"], ["http", "https"])
98 Meta.allow_tag_with_these_attributes(:img, [
107 if Pleroma.Config.get([:markup, :allow_tables]) do
108 Meta.allow_tag_with_these_attributes(:table, [])
109 Meta.allow_tag_with_these_attributes(:tbody, [])
110 Meta.allow_tag_with_these_attributes(:td, [])
111 Meta.allow_tag_with_these_attributes(:th, [])
112 Meta.allow_tag_with_these_attributes(:thead, [])
113 Meta.allow_tag_with_these_attributes(:tr, [])
116 if Pleroma.Config.get([:markup, :allow_headings]) do
117 Meta.allow_tag_with_these_attributes(:h1, [])
118 Meta.allow_tag_with_these_attributes(:h2, [])
119 Meta.allow_tag_with_these_attributes(:h3, [])
120 Meta.allow_tag_with_these_attributes(:h4, [])
121 Meta.allow_tag_with_these_attributes(:h5, [])
124 if Pleroma.Config.get([:markup, :allow_fonts]) do
125 Meta.allow_tag_with_these_attributes(:font, ["face"])
128 Meta.allow_tag_with_these_attributes(:center, [])
129 Meta.allow_tag_with_these_attributes(:small, [])
131 Meta.strip_everything_not_covered()
133 defp scrub_css(value), do: value