From 88725d6ce85115ea3b0652007db5d40a1c069be3 Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Thu, 27 Apr 2017 14:42:22 +0200
Subject: OEmbed support for PreviewCard (#2337)
* OEmbed support for PreviewCard
* Improve ProviderDiscovery code failure treatment
* Do not crawl links if there is a content warning, since those don't display a link card anyway
* Reset db schema
* Fresh migrate
* Fix rubocop style issues Fix #1681 - return existing access token when applicable instead of creating new
* Fix test
* Extract http client to helper
* Improve oembed controller
---
 app/lib/formatter.rb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'app/lib/formatter.rb')
diff --git a/app/lib/formatter.rb b/app/lib/formatter.rb
index 1d8e90d1f..5ae6238d9 100644
--- a/app/lib/formatter.rb
+++ b/app/lib/formatter.rb
@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 require 'singleton'
+require_relative './sanitize_config'
 class Formatter
 include Singleton
 include RoutingHelper
 include ActionView::Helpers::TextHelper
- include ActionView::Helpers::SanitizeHelper
 def format(status)
 return reformat(status.content) unless status.local?
@@ -23,7 +23,7 @@ class Formatter
 end
 def reformat(html)
- sanitize(html, tags: %w(a br p span), attributes: %w(href rel class))
+ sanitize(html, Sanitize::Config::MASTODON_STRICT)
 end
 def plaintext(status)
@@ -43,6 +43,10 @@ class Formatter
 html.html_safe # rubocop:disable Rails/OutputSafety
 end
+ def sanitize(html, config)
+ Sanitize.fragment(html, config)
+ end
+
 private
 def encode(html)
-- cgit
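Review bot: Dropping `include ActionView::Helpers::SanitizeHelper` in the first hunk does not take Rails' `sanitize` out of this class, because `ActionView::Helpers::TextHelper` mixes `SanitizeHelper` in itself; the two-argument `sanitize(html, config)` added in the third hunk therefore overrides the Rails helper instead of filling a gap. TextHelper methods that sanitize by default (`simple_format`, `highlight`) call `sanitize(text)` with a single argument and would raise ArgumentError against the new signature unless every call passes `sanitize: false`; those calls sit outside the visible hunks, so this needs checking. A distinct name such as `def sanitize_fragment(html, config)` would avoid the collision. The class body continues outside the hunk.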
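Review bot: The allowlist that `reformat` applies to remote status HTML is no longer readable at the call site, since `Sanitize::Config::MASTODON_STRICT` is defined in `sanitize_config.rb`, which this file-limited diff does not show. The Rails helper being replaced also dropped unsafe URL schemes from `href` by default, whereas the Sanitize gem only filters schemes for attributes listed under `:protocols`, so the config should be checked for an entry like `protocols: { 'a' => { 'href' => %w(http https) } }` and for allowing no more than the previous `a br p span` / `href rel class`. A comment above the call such as `# Remote HTML is untrusted; tags, attributes and href protocols are allowlisted in MASTODON_STRICT` would keep that boundary visible here.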
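Review bot: `sanitize` is added above `private`, so it becomes part of the singleton's public interface and runs with whatever config a caller hands it; nothing in the hunk says which configs are acceptable. If outside callers are intended, a doc comment would help, for example `# Sanitizes an HTML fragment with a vetted Sanitize::Config constant; returns a plain String, not an html_safe buffer.` The return type matters because the Rails helper that `reformat` used before returned an html_safe string, so views rendering `reformat` output should be checked for double escaping, or for an `html_safe` added later on a path that skips sanitizing. If no outside caller needs the method, moving it below `private` is the smaller surface.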