about summary refs log tree commit diff
path: root/app/lib/sanitize_config.rb
AgeCommit message (Collapse)Author
2019-07-18unbreak logicmultiple creatures
2019-07-18exclude mentions & hashtags from anchor taggingmultiple creatures
2019-07-18add icons to user-specified link text & potentially misleading linksmultiple creatures
2019-07-18strip known tracking parameters (e.g., utm codes) from linksmultiple creatures
2019-05-21reimplement monsterpit bbcode and markdown extensions on top of new ↵multiple creatures
glitch-soc formatting system + bbcode feature parity + new `i:am` footer + set content type from `format` bangtag
2019-05-21re-add support for tags `sup`, `h6`, `hr`multiple creatures
2019-04-29Add support for missing formatting tagsThibaut Girka
2019-04-22Add support for lists in statusesThibaut Girka
2019-04-22Accept richer text from remote statusesThibaut Girka
Support abbr, del, pre, blockquote, code, strong, b, em, i, and h1…h5 HTML elements in remote statuses, add corresponding CSS.
2018-07-16Whitelist dat/ipfs/gopher links in sanitizer (#8034)Eugen Rochko
Fix #7994
2018-01-03[!] Sanitize incoming classlist properly (#6162)puckipedia
* Sanitize classlist properly * Actually properly sanitize every class after the first * Improve Formatter spec to check for multiple classes and non-space whitespace
2017-06-17Whitelist allowed classes for federated statuses (#3810)nightpool
* Whitelist allowed classes for federated statuses Allowed classes are currently: - Any microformats class (h/p/u/dt/e-*) - the classes mention, hashtag, ellipses and invisible. this last one is somewhat suspect, but Mastodon currently uses it to render hidden link text. resolved #3790 * Fix code style
2017-06-07Allow "class" attribute on the "a" tag in sanitization (#3623)unarist
This preserves `<a ... class="u-url mention">` from other Mastodon instances.
2017-05-11Fix #1426 - Trim long usernames in public follower/following lists (#2993)Eugen Rochko
Fix #2221 - Catch OpenSSL exceptions when loading remote avatars/headers/attachments Don't strip "rel" attribute from <a> tags when sanitizing (microformats)
2017-04-30Add target=_blank to user note (#2622)Yamagishi Kazutoshi
* Add target=_blank to user note Open new window when click link from user profile in remote instance. * fix rubocop
2017-04-27OEmbed support for PreviewCard (#2337)Eugen Rochko
* OEmbed support for PreviewCard * Improve ProviderDiscovery code failure treatment * Do not crawl links if there is a content warning, since those don't display a link card anyway * Reset db schema * Fresh migrate * Fix rubocop style issues Fix #1681 - return existing access token when applicable instead of creating new * Fix test * Extract http client to helper * Improve oembed controller