about summary refs log tree commit diff
path: root/app/lib/sanitize_config.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/lib/sanitize_config.rb')
-rw-r--r--app/lib/sanitize_config.rb42
1 files changed, 42 insertions, 0 deletions
diff --git a/app/lib/sanitize_config.rb b/app/lib/sanitize_config.rb
new file mode 100644
index 000000000..7cf1c3062
--- /dev/null
+++ b/app/lib/sanitize_config.rb
@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+class Sanitize
+  module Config
+    HTTP_PROTOCOLS ||= ['http', 'https', :relative].freeze
+
+    MASTODON_STRICT ||= freeze_config(
+      elements: %w(p br span a),
+
+      attributes: {
+        'a'    => %w(href),
+        'span' => %w(class),
+      },
+
+      protocols: {
+        'a' => { 'href' => HTTP_PROTOCOLS },
+      }
+    )
+
+    MASTODON_OEMBED ||= freeze_config merge(
+      RELAXED,
+      elements: RELAXED[:elements] + %w(audio embed iframe source video),
+
+      attributes: merge(
+        RELAXED[:attributes],
+        'audio'  => %w(controls),
+        'embed'  => %w(height src type width),
+        'iframe' => %w(allowfullscreen frameborder height scrolling src width),
+        'source' => %w(src type),
+        'video'  => %w(controls height loop width),
+        'div'    => [:data]
+      ),
+
+      protocols: merge(
+        RELAXED[:protocols],
+        'embed'  => { 'src' => HTTP_PROTOCOLS },
+        'iframe' => { 'src' => HTTP_PROTOCOLS },
+        'source' => { 'src' => HTTP_PROTOCOLS }
+      )
+    )
+  end
+end
generated by cgit-pink (git 2.37.1) at 2024-07-04 13:06:35 +0000