html scrubbing policies: restrict img tags to http/https only for mediaproxy compatibility

This commit is contained in:
William Pitcock 2018-10-18 14:29:31 +00:00
parent 2154c5dcd8
commit 595d855f0e

View File

@ -63,7 +63,8 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do
@allow_inline_images Keyword.get(@markup, :allow_inline_images)
if @allow_inline_images do
Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes)
# restrict img tags to http/https only, because of MediaProxy.
Meta.allow_tag_with_uri_attributes("img", ["src"], ["http", "https"])
Meta.allow_tag_with_these_attributes("img", [
"width",
@ -113,7 +114,8 @@ defmodule Pleroma.HTML.Scrubber.Default do
@allow_inline_images Keyword.get(@markup, :allow_inline_images)
if @allow_inline_images do
Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes)
# restrict img tags to http/https only, because of MediaProxy.
Meta.allow_tag_with_uri_attributes("img", ["src"], ["http", "https"])
Meta.allow_tag_with_these_attributes("img", [
"width",