From 255f46d7ab124d86a71e994deffca5f4f438b49b Mon Sep 17 00:00:00 2001
From: William Pitcock
Date: Sun, 9 Sep 2018 23:29:00 +0000
Subject: html: new module providing a configurable markup scrubbing policy

---
 config/config.exs | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'config')

diff --git a/config/config.exs b/config/config.exs
index ed718c3d3..559a12a91 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -76,6 +76,9 @@ config :pleroma, :instance,
 quarantined_instances: [],
 managed_config: true

+config :pleroma, :markup,
+ scrub_policy: HtmlSanitizeEx.Scrubber.BasicHTML
+
 config :pleroma, :fe,
 theme: "pleroma-dark",
 logo: "/static/logo.png",
--
cgit v1.2.3

From 40e2f6e50034e81c3bf509e9dc9f2c938d86445d Mon Sep 17 00:00:00 2001
From: William Pitcock
Date: Mon, 10 Sep 2018 00:05:26 +0000
Subject: html: add default scrubbing profile and configuration knobs

---
 config/config.exs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/config.exs b/config/config.exs
index 559a12a91..b3889ba12 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -77,7 +77,11 @@ config :pleroma, :instance,
 managed_config: true

 config :pleroma, :markup,
- scrub_policy: HtmlSanitizeEx.Scrubber.BasicHTML
+ allow_inline_images: false,
+ allow_headings: false,
+ allow_tables: false,
+ allow_fonts: false,
+ scrub_policy: Pleroma.HTML.Scrubber.Default

 config :pleroma, :fe,
 theme: "pleroma-dark",
--
cgit v1.2.3

From 358f88e10a7d3de0481309287b4b756087490dfc Mon Sep 17 00:00:00 2001
From: William Pitcock
Date: Mon, 10 Sep 2018 00:23:23 +0000
Subject: html: allow inline images by default (because of custom emoji)

---
 config/config.exs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/config.exs b/config/config.exs
index b3889ba12..d5c5b7902 100644
--- a/config/config.exs
+++ b/config/config.exs
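Review bot: The four `allow_*` flags and the new `scrub_policy` value in the second commit's hunk (`@@ -77,7 +77,11 @@`) are added with no comment, and the flags only mean something if the selected policy module reads them. The scrubber modules are outside this path-limited diff, so this is inferred, but an operator who points `scrub_policy` back at another module such as `HtmlSanitizeEx.Scrubber.BasicHTML` would presumably have the `allow_*` values ignored without any warning. I would add above the block `# allow_* are read by Pleroma.HTML.Scrubber.Default; each one widens the HTML accepted from other users, so leave them false unless needed.` and say in the same comment that swapping `scrub_policy` replaces the whole sanitisation policy.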
@@ -77,7 +77,9 @@ config :pleroma, :instance,
 managed_config: true

 config :pleroma, :markup,
- allow_inline_images: false,
+ # XXX - unfortunately, inline images must be enabled by default right now, because
+ # of custom emoji. Issue #275 discusses defanging that somehow.
+ allow_inline_images: true,
 allow_headings: false,
 allow_tables: false,
 allow_fonts: false,
--
cgit v1.2.3
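Review bot: Setting `allow_inline_images: true` in the `:markup` block changes the shipped default for every instance, and the XXX comment says why but not what an operator gives up by leaving it on. If the flag governs `<img>` in general rather than only emoji (the scrubber is outside this diff, so that is an assumption), user-supplied markup can then reference images on third-party hosts, which discloses reader addresses to those hosts and enlarges the attribute surface the scrubber has to get right. I would extend the comment with `# Permits <img> in scrubbed HTML; set to false to strip inline images, at the cost of custom emoji.` so the trade-off is visible where the default is set. The narrowing that issue #275 is said to discuss should then be reflected here once it lands.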