Commit graph

54 commits

Author SHA1 Message Date
rinpatch 08f6837065 Switch from HtmlSanitizeEx to FastSanitize 2019-10-29 01:18:08 +03:00
Egor Kislitsyn cf3041220a Add support for rel="ugc" 2019-09-19 14:56:10 +07:00
lain ef43016b2c Merge branch 'feature/custom-fields' into 'develop'
Add custom profile fields

See merge request pleroma/pleroma!1488
2019-08-20 12:44:14 +00:00
Haelwenn (lanodan) Monnier a6a814420d
html.ex: Allow sub and sup elements by default
Closes: https://git.pleroma.social/pleroma/pleroma/issues/1191
2019-08-14 22:49:13 +02:00
Egor Kislitsyn f7bbf99caa Use info.fields instead of source_data for remote users 2019-08-14 14:52:54 +07:00
rinpatch 035368d363 Rich Media: Skip Microformats hashtags
When fixing this problem I incorrectly assumed a.hashtag is
the proper way for detecting hashtags, but it is just something Pleroma and
Mastodon add. Per microformats it should be detected by the presense of rel=tag.

This MR adds a check for rel=tag, but I still left a.hashtag just in case
2019-06-19 00:46:30 +03:00
rinpatch d0ebc0edf3 Fix hashtags being picked up by rich media parser
Closes #989
2019-06-14 14:34:42 +03:00
Egor Kislitsyn 99f70c7e20 Use Pleroma.Config everywhere 2019-05-30 15:33:58 +07:00
Haelwenn (lanodan) Monnier 85b5c60694
Pleroma.Formatter: width/height to class=emoji 2019-05-03 16:25:58 +02:00
rinpatch 51e26f14f7 Remove redundant ensure_scrubbed_html
It is never used as handling for fake and non-fake activities was merged
into one function above it
2019-05-01 13:52:44 +03:00
Sachin Joshi 85fa2fbce4 add scrubber for html special char 2019-05-01 01:37:17 +05:45
kaniini 030a7876b4 Merge branch 'security/fix-html-class-scrubbing' into 'develop'
html: lock down allowed class attributes to only those related to microformats

See merge request pleroma/pleroma!1090
2019-04-23 23:07:56 +00:00
William Pitcock f5535e5743 html: lock down allowed class attributes to only those related to microformats 2019-04-23 23:03:45 +00:00
rinpatch 627e5a0a49 Merge branch 'develop' into feature/database-compaction 2019-04-17 12:22:32 +03:00
rinpatch f0f30019e1 Refactor html caching functions to have a key instead of a module, use more correct terminology and fix summaries in mastoapi 2019-04-05 15:19:44 +03:00
rinpatch 975482f091 insert object defaults for fake activities and make credo happy 2019-04-01 12:16:51 +03:00
rinpatch 45ba10bf47 Fix the issue with HTML scrubber 2019-04-01 11:55:59 +03:00
Fong-Wan Chau 4ed2618f6c Allow 'rel' attribute on <a> link with specific values (for hashtag recognition). 2019-03-17 11:03:19 -04:00
Haelwenn (lanodan) Monnier fb82f6fc7c
[Credo] Remove parentesis on argument-less functions 2019-03-13 04:26:56 +01:00
Haelwenn (lanodan) Monnier 381fe44172
HTML.Scrubber.Default: Consistency 2019-02-09 14:59:21 +01:00
Haelwenn (lanodan) Monnier 2272934a5e
Stash 2019-02-09 14:59:21 +01:00
Haelwenn (lanodan) Monnier 60ea29dfe6
Credo fixes: alias grouping/ordering 2019-02-09 14:59:20 +01:00
William Pitcock a2bb5d890d html: don't attempt to parse nil content 2019-02-05 05:06:17 +00:00
William Pitcock ddb5545202 rich media: kill some testsuite noise 2019-01-28 20:55:33 +00:00
William Pitcock be9abb2cc5 html: add utility function to extract first URL from an object and cache the result 2019-01-26 14:55:12 +00:00
William Pitcock 1ddab78247 html: allow microformats-related markup through the html filter 2019-01-16 03:54:01 +00:00
Rin Toshaka 1e2d58982e oopsies 2019-01-05 00:25:31 +01:00
Rin Toshaka 846082e54f Different caches based on the module. Remove scrubber version since it is not relevant anymore 2019-01-05 00:19:46 +01:00
William Pitcock 980b5288ed update copyright years to 2019 2018-12-31 15:41:47 +00:00
Rin Toshaka 7e09c2bd7d Move scrubber cache-related functions to Pleroma.HTML 2018-12-31 08:19:48 +01:00
Rin Toshaka c50353e6ae shame on me for not testing after revert 2018-12-30 20:44:17 +01:00
Rin Toshaka 3f9da55adc Fix formating. Aparently my pre-commit hook broke. 2018-12-30 20:16:42 +01:00
Rin Toshaka 62af23bd26 Revert some changes in html.ex 2018-12-30 20:12:12 +01:00
Rin Toshaka 19f9889fbe I am not sure what's going on anymore so I'll just commit and reset all the other files to HEAD 2018-12-29 17:45:50 +01:00
William Pitcock 2791ce9a1f add license boilerplate to pleroma core 2018-12-23 20:56:42 +00:00
Maksim Pechnikov baead4ea4b fix markdown formatting 2018-12-14 16:03:58 +03:00
Maksim Pechnikov 074fa790ba fix compile warnings 2018-12-09 20:50:08 +03:00
Vald 194869c7db added data attrs to twitter scrubber 2018-12-06 02:14:56 +05:30
Vald 3ccfe226c0 added data attrs for user and tag 2018-12-06 01:05:41 +05:30
href 5bb88fd174
Runtime configuration
Related to #85

Everything should now be configured at runtime, with the exception of
the `Pleroma.HTML` scrubbers (the scrubbers used can be
changed at runtime, but their configuration is compile-time) because
it's building a module with a macro.
2018-11-06 19:41:15 +01:00
scarlett 795634c90f Allow use of the abbr HTML tag. 2018-10-30 21:40:06 +00:00
William Pitcock 8613db0e3b html: ensure comments are correctly scrubbed 2018-10-23 00:48:49 +00:00
William Pitcock 595d855f0e html scrubbing policies: restrict img tags to http/https only for mediaproxy compatibility 2018-10-18 14:29:31 +00:00
Haelwenn (lanodan) Monnier 2154c5dcd8
lib/pleroma/html.ex: Use macros for valid_schemes, change config for schemes 2018-10-18 07:58:15 +02:00
Haelwenn (lanodan) Monnier d7654c77de
lib/pleroma/html.ex: Use a function as a variable (broken for some reason) 2018-10-16 03:34:33 +02:00
Haelwenn (lanodan) Monnier 50e0a9ae56
lib/pleroma/html.ex: Fix scheme lists
Gosh please don’t break ourselves…

Also this is copy-paste of the list in lib/pleroma/formatter.ex,
I think this should be put in a common variable, but where?
2018-10-16 03:00:37 +02:00
William Pitcock 7f0e291483 html: twittertext: add missing catchall scrub function 2018-09-22 03:45:35 +00:00
William Pitcock 8ae9424edb html: default to using normal scrub policy if provided scrub policy is nil 2018-09-22 02:52:59 +00:00
William Pitcock a7d0ecdc7c html: add policy which transforms inline images to pass through the media proxy 2018-09-16 02:16:16 +00:00
William Pitcock cd13fa17fd html: allow scrubbing policies to be stackable 2018-09-16 02:16:14 +00:00