squeegily
/
pleroma
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 42 Wiki Activity
Fork of Pleroma with site-specific changes and feature branches https://git.pleroma.social/pleroma/pleroma
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11155 Commits
154 Branches
503MB
Tree: f2665547f5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f2665547f5'
${ noResults }
pleroma/priv/scrubbers/default.ex

94 lines
2.9KB
Raw Blame History 

  1. defmodule Pleroma.HTML.Scrubber.Default do

  2.   @doc "The default HTML scrubbing policy: no "

  3. 

  4.   require FastSanitize.Sanitizer.Meta

  5.   alias FastSanitize.Sanitizer.Meta

  6. 

  7.   # credo:disable-for-previous-line

  8.   # No idea how to fix this one…

  9. 

  10.   @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])

  11. 

  12.   Meta.strip_comments()

  13. 

  14.   Meta.allow_tag_with_uri_attributes(:a, ["href", "data-user", "data-tag"], @valid_schemes)

  15. 

  16.   Meta.allow_tag_with_this_attribute_values(:a, "class", [

  17.     "hashtag",

  18.     "u-url",

  19.     "mention",

  20.     "u-url mention",

  21.     "mention u-url"

  22.   ])

  23. 

  24.   Meta.allow_tag_with_this_attribute_values(:a, "rel", [

  25.     "tag",

  26.     "nofollow",

  27.     "noopener",

  28.     "noreferrer",

  29.     "ugc"

  30.   ])

  31. 

  32.   Meta.allow_tag_with_these_attributes(:a, ["name", "title"])

  33. 

  34.   Meta.allow_tag_with_these_attributes(:abbr, ["title"])

  35. 

  36.   Meta.allow_tag_with_these_attributes(:b, [])

  37.   Meta.allow_tag_with_these_attributes(:blockquote, [])

  38.   Meta.allow_tag_with_these_attributes(:br, [])

  39.   Meta.allow_tag_with_these_attributes(:code, [])

  40.   Meta.allow_tag_with_these_attributes(:del, [])

  41.   Meta.allow_tag_with_these_attributes(:em, [])

  42.   Meta.allow_tag_with_these_attributes(:i, [])

  43.   Meta.allow_tag_with_these_attributes(:li, [])

  44.   Meta.allow_tag_with_these_attributes(:ol, [])

  45.   Meta.allow_tag_with_these_attributes(:p, [])

  46.   Meta.allow_tag_with_these_attributes(:pre, [])

  47.   Meta.allow_tag_with_these_attributes(:strong, [])

  48.   Meta.allow_tag_with_these_attributes(:sub, [])

  49.   Meta.allow_tag_with_these_attributes(:sup, [])

  50.   Meta.allow_tag_with_these_attributes(:u, [])

  51.   Meta.allow_tag_with_these_attributes(:ul, [])

  52. 

  53.   Meta.allow_tag_with_this_attribute_values(:span, "class", ["h-card"])

  54.   Meta.allow_tag_with_these_attributes(:span, [])

  55. 

  56.   @allow_inline_images Pleroma.Config.get([:markup, :allow_inline_images])

  57. 

  58.   if @allow_inline_images do

  59.     # restrict img tags to http/https only, because of MediaProxy.

  60.     Meta.allow_tag_with_uri_attributes(:img, ["src"], ["http", "https"])

  61. 

  62.     Meta.allow_tag_with_these_attributes(:img, [

  63.       "width",

  64.       "height",

  65.       "class",

  66.       "title",

  67.       "alt"

  68.     ])

  69.   end

  70. 

  71.   if Pleroma.Config.get([:markup, :allow_tables]) do

  72.     Meta.allow_tag_with_these_attributes(:table, [])

  73.     Meta.allow_tag_with_these_attributes(:tbody, [])

  74.     Meta.allow_tag_with_these_attributes(:td, [])

  75.     Meta.allow_tag_with_these_attributes(:th, [])

  76.     Meta.allow_tag_with_these_attributes(:thead, [])

  77.     Meta.allow_tag_with_these_attributes(:tr, [])

  78.   end

  79. 

  80.   if Pleroma.Config.get([:markup, :allow_headings]) do

  81.     Meta.allow_tag_with_these_attributes(:h1, [])

  82.     Meta.allow_tag_with_these_attributes(:h2, [])

  83.     Meta.allow_tag_with_these_attributes(:h3, [])

  84.     Meta.allow_tag_with_these_attributes(:h4, [])

  85.     Meta.allow_tag_with_these_attributes(:h5, [])

  86.   end

  87. 

  88.   if Pleroma.Config.get([:markup, :allow_fonts]) do

  89.     Meta.allow_tag_with_these_attributes(:font, ["face"])

  90.   end

  91. 

  92.   Meta.strip_everything_not_covered()

  93. end