diff options
| author | ThibG <thib@sitedethib.com> | 2020-02-09 12:56:12 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-02-09 12:56:12 +0100 |
| commit | d3aaa08730901e7c97c6aeb1ebf56f2a027c78a2 (patch) | |
| tree | 9fcb99dab28b01e0f85fbe7f27f406f92a031903 /app/lib | |
| parent | a2cfe3daaadabfaad71969a44c460bd76b8405ff (diff) | |
| parent | 432033743c409356bd11e0d7d96f14a3cc82fb77 (diff) | |
Merge pull request #1280 from ThibG/glitch-soc/merge-upstream
Merge upstream changes
Diffstat (limited to 'app/lib')
| -rw-r--r-- | app/lib/formatter.rb | 2 | ||||
| -rw-r--r-- | app/lib/sanitize_config.rb | 39 |
2 files changed, 38 insertions, 3 deletions
diff --git a/app/lib/formatter.rb b/app/lib/formatter.rb index f1a751f84..fcc99d009 100644 --- a/app/lib/formatter.rb +++ b/app/lib/formatter.rb @@ -77,6 +77,8 @@ class Formatter def reformat(html) sanitize(html, Sanitize::Config::MASTODON_STRICT) + rescue ArgumentError + '' end def plaintext(status) diff --git a/app/lib/sanitize_config.rb b/app/lib/sanitize_config.rb index 2b5d554b5..e3fc94ba6 100644 --- a/app/lib/sanitize_config.rb +++ b/app/lib/sanitize_config.rb @@ -2,7 +2,23 @@ class Sanitize module Config - HTTP_PROTOCOLS ||= ['http', 'https', 'dat', 'dweb', 'ipfs', 'ipns', 'ssb', 'gopher', 'xmpp', 'magnet', :relative].freeze + HTTP_PROTOCOLS = %w( + http + https + ).freeze + + LINK_PROTOCOLS = %w( + http + https + dat + dweb + ipfs + ipns + ssb + gopher + xmpp + magnet + ).freeze CLASS_WHITELIST_TRANSFORMER = lambda do |env| node = env[:node] @@ -38,6 +54,22 @@ class Sanitize end end + UNSUPPORTED_HREF_TRANSFORMER = lambda do |env| + return unless env[:node_name] == 'a' + + current_node = env[:node] + + scheme = begin + if current_node['href'] =~ Sanitize::REGEX_PROTOCOL + Regexp.last_match(1).downcase + else + :relative + end + end + + current_node.replace(current_node.text) unless LINK_PROTOCOLS.include?(scheme) + end + MASTODON_STRICT ||= freeze_config( elements: %w(p br span a abbr del pre blockquote code b strong u sub sup i em h1 h2 h3 h4 h5 ul ol li), @@ -56,13 +88,14 @@ class Sanitize }, protocols: { - 'a' => { 'href' => HTTP_PROTOCOLS }, - 'blockquote' => { 'cite' => HTTP_PROTOCOLS }, + 'a' => { 'href' => LINK_PROTOCOLS }, + 'blockquote' => { 'cite' => LINK_PROTOCOLS }, }, transformers: [ CLASS_WHITELIST_TRANSFORMER, IMG_TAG_TRANSFORMER, + UNSUPPORTED_HREF_TRANSFORMER, ] ) |