Age | Commit message (Collapse) | Author |
|
- Disallow links with relative paths
- Disallow iframes with non-http protocols and relative paths
Close #13037
|
|
|
|
* Fix wrong grouping in Twitter valid_url regex
* Add support for xmpp URIs
Fixes #9776
The difficult part is autolinking, because Twitter-text's extractor does
some pretty ad-hoc stuff to find things that “look like” URLs, and XMPP
URIs do not really match the assumptions of that lib, so it doesn't sound
wise to try to shoehorn it into the existing regex.
This is why I used a specific regex (very close, although slightly more
permissive than the RFC), and a specific scan function (a simplified version
of the generalized one from Twitter).
* Remove leading “xmpp:” from auto-linked text
|
|
|
|
* Add test
* Fix code for sanitizing nested lists stripping all tags
|
|
Fix #10834
|
|
Fix #7994
|
|
* Sanitize classlist properly
* Actually properly sanitize every class after the first
* Improve Formatter spec to check for multiple classes and non-space whitespace
|
|
* Whitelist allowed classes for federated statuses
Allowed classes are currently:
- Any microformats class (h/p/u/dt/e-*)
- the classes mention, hashtag, ellipses and invisible.
this last one is somewhat suspect, but Mastodon currently uses it to render hidden link text.
resolved #3790
* Fix code style
|
|
This preserves `<a ... class="u-url mention">` from other Mastodon instances.
|
|
Fix #2221 - Catch OpenSSL exceptions when loading remote avatars/headers/attachments
Don't strip "rel" attribute from <a> tags when sanitizing (microformats)
|
|
* Add target=_blank to user note
Open new window when click link from user profile in remote instance.
* fix rubocop
|
|
* OEmbed support for PreviewCard
* Improve ProviderDiscovery code failure treatment
* Do not crawl links if there is a content warning, since those
don't display a link card anyway
* Reset db schema
* Fresh migrate
* Fix rubocop style issues
Fix #1681 - return existing access token when applicable instead of creating new
* Fix test
* Extract http client to helper
* Improve oembed controller
|