about summary refs log tree commit diff
path: root/app/lib/sanitize_config.rb
AgeCommit message (Collapse)Author
2020-10-30Merge branch 'glitch' into mainStarfall
2020-10-21Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `.github/dependabot.yml`: Updated upstream, we deleted it to not be flooded by Depandabot. Kept deleted. - `Gemfile.lock`: Puma updated on both sides, went for the most recent version. - `app/controllers/api/v1/mutes_controller.rb`: Upstream updated the serializer to support timed mutes, while glitch-soc added a custom API ages ago to get information that is already available elsewhere. Dropped the glitch-soc-specific API, went with upstream changes. - `app/javascript/core/admin.js`: Conflict due to changing how assets are loaded. Went with upstream. - `app/javascript/packs/public.js`: Conflict due to changing how assets are loaded. Went with upstream. - `app/models/mute.rb`: 🤷 - `app/models/user.rb`: New user setting added upstream while we have glitch-soc-specific user settings. Added upstream's user setting. - `config/settings.yml`: Upstream added a new user setting close to a user setting we had changed the defaults for. Added the new upstream setting. - `package.json`: Upstream dependency updated “too close” to a glitch-soc-specific dependency. No real conflict. Updated the dependency.
2020-10-19Add support for Gemini urls (#15013)Josh Leeb-du Toit
This PR updates the `valid_url` regex and sanitizer allowlist to provide support for Gemini urls. Closes #14991
2020-07-01Merge branch 'glitch' into mainStarfall
2020-07-01Add support for li attribute to li elementThibaut Girka
2020-07-01Add support for “start” and “reversed” attributes to ol elementThibaut Girka
Fixes #1367
2020-05-31Merge branch 'glitch'Starfall
2020-05-28Fix exception when trying to serialize posts with <a> tags in them without ↵Ben Lubar
hrefs (#1334) * fix exception when trying to serialize posts with <a> tags in them without hrefs * Add tests Co-authored-by: Thibaut Girka <thib@sitedethib.com>
2020-05-17Accept incoming summary/details tags (e.g. friendica's spoilers)Starfall
2020-05-17Allow gemini linksStarfall
2020-03-24Make sanitizer *not* add no-referrer etc. in local markdown toots if the ↵Thibaut Girka
link is “safe”
2020-03-24Fix glitch-soc marking every link in toots as a tagThibaut Girka
Fixes #1281
2020-02-09Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `Gemfile`: We updated httplog in a separate commit. Took upstream's change which updated it further. - `Gemfile.lock`: We updated httplog in a separate commit. Took upstream's change which updated it further. - `app/lib/sanitize_config.rb`: Upstream added better unsupported link stripping, while we had different sanitizing configs. Took only upstream's link stripping code. - `config/locales/simple_form.pl.yml`: Strings unused in glitch-soc had been removed from glitch-soc, reintroduced them even if they are not useful, to reduce the risk of later merge conflicts.
2020-02-08Fix rendering `<a>` without `href` when scheme unsupported (#13040)Eugen Rochko
- Disallow links with relative paths - Disallow iframes with non-http protocols and relative paths Close #13037
2020-01-24Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/controllers/statuses_controller.rb`: Minor conflict due to theming system
2020-01-23Add support for magnet: URIs (#12905)ThibG
2020-01-12Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `Gemfile.lock`: No real conflict, glitch-soc-only dependency (redcarpet) too close to an upstream one (rdf-normalize) - `README.md`: we have different READMEs, discarded upstream's changes - `app/views/admin/custom_emojis/index.html.haml`: No real conflict, different context because of glitch-soc theming - `lib/mastodon/statuses_cli.rb`: Upstream added code to keep bookmarked statuses, we were already doing so with slightly different code. Discarded upstream's changes. - `package.json`: No real conflict, glitch-soc-only dependency (favico.js) too close to an upstream one
2020-01-11Add support for linking XMPP URIs in toots (#12709)ThibG
* Fix wrong grouping in Twitter valid_url regex * Add support for xmpp URIs Fixes #9776 The difficult part is autolinking, because Twitter-text's extractor does some pretty ad-hoc stuff to find things that “look like” URLs, and XMPP URIs do not really match the assumptions of that lib, so it doesn't sound wise to try to shoehorn it into the existing regex. This is why I used a specific regex (very close, although slightly more permissive than the RFC), and a specific scan function (a simplified version of the generalized one from Twitter). * Remove leading “xmpp:” from auto-linked text
2019-10-27Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - README.md - app/helpers/statuses_helper.rb Upstream moved account helpers to their own file, we had extra helpers there, moved too. - app/lib/sanitize_config.rb - app/models/user.rb - app/serializers/initial_state_serializer.rb - config/locales/simple_form.en.yml - spec/lib/sanitize_config_spec.rb
2019-10-24Add noopener and/or noreferrer (#12202)BSKY
2019-08-20Add support for <sup> formatting elementHaelwenn (lanodan) Monnier
This is based of 3e095cab83f3e88c5f5f4ca9d7029379ed5b5b56 Related: https://git.pleroma.social/pleroma/pleroma/issues/1191
2019-07-19Fix sanitizing lists contents (#11354)ThibG
* Add test * Fix code for sanitizing nested lists stripping all tags
2019-06-16Fix sanitizer making block level elements unreadable (#10836)Eugen Rochko
Fix #10834
2019-05-28Truncate long URLs while providing alt text for inline imagesThibaut Girka
2019-05-28Translate incoming remote img tags by a linkThibaut Girka
2019-05-23Allow rel=tag in status textThibaut Girka
Fixes tag links in local Markdown or HTML-authored statuses
2019-04-29Add support for missing formatting tagsThibaut Girka
2019-04-22Add support for lists in statusesThibaut Girka
2019-04-22Accept richer text from remote statusesThibaut Girka
Support abbr, del, pre, blockquote, code, strong, b, em, i, and h1…h5 HTML elements in remote statuses, add corresponding CSS.
2018-07-16Whitelist dat/ipfs/gopher links in sanitizer (#8034)Eugen Rochko
Fix #7994
2018-01-03[!] Sanitize incoming classlist properly (#6162)puckipedia
* Sanitize classlist properly * Actually properly sanitize every class after the first * Improve Formatter spec to check for multiple classes and non-space whitespace
2017-06-17Whitelist allowed classes for federated statuses (#3810)nightpool
* Whitelist allowed classes for federated statuses Allowed classes are currently: - Any microformats class (h/p/u/dt/e-*) - the classes mention, hashtag, ellipses and invisible. this last one is somewhat suspect, but Mastodon currently uses it to render hidden link text. resolved #3790 * Fix code style
2017-06-07Allow "class" attribute on the "a" tag in sanitization (#3623)unarist
This preserves `<a ... class="u-url mention">` from other Mastodon instances.
2017-05-11Fix #1426 - Trim long usernames in public follower/following lists (#2993)Eugen Rochko
Fix #2221 - Catch OpenSSL exceptions when loading remote avatars/headers/attachments Don't strip "rel" attribute from <a> tags when sanitizing (microformats)
2017-04-30Add target=_blank to user note (#2622)Yamagishi Kazutoshi
* Add target=_blank to user note Open new window when click link from user profile in remote instance. * fix rubocop
2017-04-27OEmbed support for PreviewCard (#2337)Eugen Rochko
* OEmbed support for PreviewCard * Improve ProviderDiscovery code failure treatment * Do not crawl links if there is a content warning, since those don't display a link card anyway * Reset db schema * Fresh migrate * Fix rubocop style issues Fix #1681 - return existing access token when applicable instead of creating new * Fix test * Extract http client to helper * Improve oembed controller