diff options
Diffstat (limited to 'app/lib')
-rw-r--r-- | app/lib/formatter.rb | 2 | ||||
-rw-r--r-- | app/lib/sanitize_config.rb | 39 |
2 files changed, 38 insertions, 3 deletions
diff --git a/app/lib/formatter.rb b/app/lib/formatter.rb index f1a751f84..fcc99d009 100644 --- a/app/lib/formatter.rb +++ b/app/lib/formatter.rb @@ -77,6 +77,8 @@ class Formatter def reformat(html) sanitize(html, Sanitize::Config::MASTODON_STRICT) + rescue ArgumentError + '' end def plaintext(status) diff --git a/app/lib/sanitize_config.rb b/app/lib/sanitize_config.rb index 2b5d554b5..e3fc94ba6 100644 --- a/app/lib/sanitize_config.rb +++ b/app/lib/sanitize_config.rb @@ -2,7 +2,23 @@ class Sanitize module Config - HTTP_PROTOCOLS ||= ['http', 'https', 'dat', 'dweb', 'ipfs', 'ipns', 'ssb', 'gopher', 'xmpp', 'magnet', :relative].freeze + HTTP_PROTOCOLS = %w( + http + https + ).freeze + + LINK_PROTOCOLS = %w( + http + https + dat + dweb + ipfs + ipns + ssb + gopher + xmpp + magnet + ).freeze CLASS_WHITELIST_TRANSFORMER = lambda do |env| node = env[:node] @@ -38,6 +54,22 @@ class Sanitize end end + UNSUPPORTED_HREF_TRANSFORMER = lambda do |env| + return unless env[:node_name] == 'a' + + current_node = env[:node] + + scheme = begin + if current_node['href'] =~ Sanitize::REGEX_PROTOCOL + Regexp.last_match(1).downcase + else + :relative + end + end + + current_node.replace(current_node.text) unless LINK_PROTOCOLS.include?(scheme) + end + MASTODON_STRICT ||= freeze_config( elements: %w(p br span a abbr del pre blockquote code b strong u sub sup i em h1 h2 h3 h4 h5 ul ol li), @@ -56,13 +88,14 @@ class Sanitize }, protocols: { - 'a' => { 'href' => HTTP_PROTOCOLS }, - 'blockquote' => { 'cite' => HTTP_PROTOCOLS }, + 'a' => { 'href' => LINK_PROTOCOLS }, + 'blockquote' => { 'cite' => LINK_PROTOCOLS }, }, transformers: [ CLASS_WHITELIST_TRANSFORMER, IMG_TAG_TRANSFORMER, + UNSUPPORTED_HREF_TRANSFORMER, ] ) |