diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/formatter.ex | 27 | ||||
| -rw-r--r-- | lib/pleroma/html.ex | 37 | 
2 files changed, 15 insertions, 49 deletions
| diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index 5b63fb795..d7de5b483 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -171,25 +171,8 @@ defmodule Pleroma.Formatter do    @link_regex ~r/[0-9a-z+\-\.]+:[0-9a-z$-_.+!*'(),]+/ui -  # IANA got a list https://www.iana.org/assignments/uri-schemes/ but -  # Stuff like ipfs isn’t in it -  # There is very niche stuff -  @uri_schemes [ -    "https://", -    "http://", -    "dat://", -    "dweb://", -    "gopher://", -    "ipfs://", -    "ipns://", -    "irc:", -    "ircs:", -    "magnet:", -    "mailto:", -    "mumble:", -    "ssb://", -    "xmpp:" -  ] +  @uri_schemes Application.get_env(:pleroma, :uri_schemes, []) +  @valid_schemes Keyword.get(@uri_schemes, :valid_schemes, [])    # TODO: make it use something other than @link_regex    def html_escape(text, "text/html") do @@ -207,14 +190,10 @@ defmodule Pleroma.Formatter do    @doc "changes scheme:... urls to html links"    def add_links({subs, text}) do -    additionnal_schemes = -      Application.get_env(:pleroma, :uri_schemes, []) -      |> Keyword.get(:additionnal_schemes, []) -      links =        text        |> String.split([" ", "\t", "<br>"]) -      |> Enum.filter(fn word -> String.starts_with?(word, @uri_schemes ++ additionnal_schemes) end) +      |> Enum.filter(fn word -> String.starts_with?(word, @valid_schemes) end)        |> Enum.filter(fn word -> Regex.match?(@link_regex, word) end)        |> Enum.map(fn url -> {Ecto.UUID.generate(), url} end)        |> Enum.sort_by(fn {_, url} -> -String.length(url) end) diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 8a5ede614..2d2155b82 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -3,25 +3,6 @@ defmodule Pleroma.HTML do    @markup Application.get_env(:pleroma, :markup) -  def valid_schemes() do -    [ -      "https://", -      "http://", -      "dat://", -      "dweb://", -      "gopher://", -      "ipfs://", -      "ipns://", -      "irc:", -      "ircs:", -      "magnet:", -      "mailto:", -      "mumble:", -      "ssb://", -      "xmpp:" -    ] -  end -    defp get_scrubbers(scrubber) when is_atom(scrubber), do: [scrubber]    defp get_scrubbers(scrubbers) when is_list(scrubbers), do: scrubbers    defp get_scrubbers(_), do: [Pleroma.HTML.Scrubber.Default] @@ -55,6 +36,10 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do    paragraphs, breaks and links are allowed through the filter.    """ +  @markup Application.get_env(:pleroma, :markup) +  @uri_schemes Application.get_env(:pleroma, :uri_schemes, []) +  @valid_schemes Keyword.get(@uri_schemes, :valid_schemes, []) +    require HtmlSanitizeEx.Scrubber.Meta    alias HtmlSanitizeEx.Scrubber.Meta @@ -64,7 +49,7 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do    Meta.strip_comments()    # links -  Meta.allow_tag_with_uri_attributes("a", ["href"], HTML.valid_schemes()) +  Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes)    Meta.allow_tag_with_these_attributes("a", ["name", "title"])    # paragraphs and linebreaks @@ -75,11 +60,10 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do    Meta.allow_tag_with_these_attributes("span", [])    # allow inline images for custom emoji -  @markup Application.get_env(:pleroma, :markup)    @allow_inline_images Keyword.get(@markup, :allow_inline_images)    if @allow_inline_images do -    Meta.allow_tag_with_uri_attributes("img", ["src"], HTML.valid_schemes()) +    Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes)      Meta.allow_tag_with_these_attributes("img", [        "width", @@ -100,10 +84,14 @@ defmodule Pleroma.HTML.Scrubber.Default do    alias Pleroma.HTML +  @markup Application.get_env(:pleroma, :markup) +  @uri_schemes Application.get_env(:pleroma, :uri_schemes, []) +  @valid_schemes Keyword.get(@uri_schemes, :valid_schemes, []) +    Meta.remove_cdata_sections_before_scrub()    Meta.strip_comments() -  Meta.allow_tag_with_uri_attributes("a", ["href"], HTML.valid_schemes()) +  Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes)    Meta.allow_tag_with_these_attributes("a", ["name", "title"])    Meta.allow_tag_with_these_attributes("b", []) @@ -122,11 +110,10 @@ defmodule Pleroma.HTML.Scrubber.Default do    Meta.allow_tag_with_these_attributes("u", [])    Meta.allow_tag_with_these_attributes("ul", []) -  @markup Application.get_env(:pleroma, :markup)    @allow_inline_images Keyword.get(@markup, :allow_inline_images)    if @allow_inline_images do -    Meta.allow_tag_with_uri_attributes("img", ["src"], HTML.valid_schemes()) +    Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes)      Meta.allow_tag_with_these_attributes("img", [        "width", | 
