From 88725d6ce85115ea3b0652007db5d40a1c069be3 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 27 Apr 2017 14:42:22 +0200 Subject: OEmbed support for PreviewCard (#2337) * OEmbed support for PreviewCard * Improve ProviderDiscovery code failure treatment * Do not crawl links if there is a content warning, since those don't display a link card anyway * Reset db schema * Fresh migrate * Fix rubocop style issues Fix #1681 - return existing access token when applicable instead of creating new * Fix test * Extract http client to helper * Improve oembed controller --- app/lib/sanitize_config.rb | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 app/lib/sanitize_config.rb (limited to 'app/lib/sanitize_config.rb') diff --git a/app/lib/sanitize_config.rb b/app/lib/sanitize_config.rb new file mode 100644 index 000000000..7cf1c3062 --- /dev/null +++ b/app/lib/sanitize_config.rb @@ -0,0 +1,42 @@ +# frozen_string_literal: true + +class Sanitize + module Config + HTTP_PROTOCOLS ||= ['http', 'https', :relative].freeze + + MASTODON_STRICT ||= freeze_config( + elements: %w(p br span a), + + attributes: { + 'a' => %w(href), + 'span' => %w(class), + }, + + protocols: { + 'a' => { 'href' => HTTP_PROTOCOLS }, + } + ) + + MASTODON_OEMBED ||= freeze_config merge( + RELAXED, + elements: RELAXED[:elements] + %w(audio embed iframe source video), + + attributes: merge( + RELAXED[:attributes], + 'audio' => %w(controls), + 'embed' => %w(height src type width), + 'iframe' => %w(allowfullscreen frameborder height scrolling src width), + 'source' => %w(src type), + 'video' => %w(controls height loop width), + 'div' => [:data] + ), + + protocols: merge( + RELAXED[:protocols], + 'embed' => { 'src' => HTTP_PROTOCOLS }, + 'iframe' => { 'src' => HTTP_PROTOCOLS }, + 'source' => { 'src' => HTTP_PROTOCOLS } + ) + ) + end +end -- cgit