2019-07-30 14:40:59 +00:00
|
|
|
# Portions of this file are derived from Pleroma:
|
|
|
|
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social>
|
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
# Upstream: https://git.pleroma.social/pleroma/pleroma/blob/develop/lib/pleroma/html.ex
|
|
|
|
|
2020-01-22 01:14:42 +00:00
|
|
|
defmodule Mobilizon.Service.Formatter.DefaultScrubbler do
|
2019-07-30 14:40:59 +00:00
|
|
|
@moduledoc """
|
2020-01-22 01:14:42 +00:00
|
|
|
Custom strategy to filter HTML content.
|
2019-07-30 14:40:59 +00:00
|
|
|
"""
|
|
|
|
|
2020-02-18 07:57:00 +00:00
|
|
|
require FastSanitize.Sanitizer.Meta
|
|
|
|
alias FastSanitize.Sanitizer.Meta
|
2020-01-22 01:14:42 +00:00
|
|
|
|
2019-07-30 14:40:59 +00:00
|
|
|
# credo:disable-for-previous-line
|
|
|
|
# No idea how to fix this one…
|
|
|
|
|
2020-02-18 07:57:00 +00:00
|
|
|
@valid_schemes ~w(https http)
|
|
|
|
|
2019-07-30 14:40:59 +00:00
|
|
|
Meta.strip_comments()
|
|
|
|
|
2020-02-18 07:57:00 +00:00
|
|
|
Meta.allow_tag_with_uri_attributes(:a, ["href", "data-user", "data-tag"], @valid_schemes)
|
2019-07-30 14:40:59 +00:00
|
|
|
|
2020-02-18 07:57:00 +00:00
|
|
|
Meta.allow_tag_with_this_attribute_values(:a, "class", [
|
2019-07-30 14:40:59 +00:00
|
|
|
"hashtag",
|
|
|
|
"u-url",
|
|
|
|
"mention",
|
|
|
|
"u-url mention",
|
|
|
|
"mention u-url"
|
|
|
|
])
|
|
|
|
|
2020-02-18 07:57:00 +00:00
|
|
|
Meta.allow_tag_with_this_attribute_values(:a, "rel", [
|
2019-07-30 14:40:59 +00:00
|
|
|
"tag",
|
|
|
|
"nofollow",
|
|
|
|
"noopener",
|
2019-12-03 10:29:51 +00:00
|
|
|
"noreferrer",
|
|
|
|
"ugc"
|
2019-07-30 14:40:59 +00:00
|
|
|
])
|
|
|
|
|
2021-08-09 12:24:54 +00:00
|
|
|
# Rel attributes are separated by spaces
|
|
|
|
Meta.allow_tag_with_this_attribute_values(:a, "rel", [
|
|
|
|
"noopener noreferrer ugc"
|
|
|
|
])
|
|
|
|
|
2021-07-21 08:34:07 +00:00
|
|
|
Meta.allow_tag_with_these_attributes(:a, ["name", "title", "target"])
|
2019-07-30 14:40:59 +00:00
|
|
|
|
2020-02-18 07:57:00 +00:00
|
|
|
Meta.allow_tag_with_these_attributes(:abbr, ["title"])
|
2019-07-30 14:40:59 +00:00
|
|
|
|
2020-02-18 07:57:00 +00:00
|
|
|
Meta.allow_tag_with_these_attributes(:b, [])
|
|
|
|
Meta.allow_tag_with_these_attributes(:blockquote, [])
|
|
|
|
Meta.allow_tag_with_these_attributes(:br, [])
|
|
|
|
Meta.allow_tag_with_these_attributes(:code, [])
|
|
|
|
Meta.allow_tag_with_these_attributes(:del, [])
|
|
|
|
Meta.allow_tag_with_these_attributes(:em, [])
|
|
|
|
Meta.allow_tag_with_these_attributes(:i, [])
|
|
|
|
Meta.allow_tag_with_these_attributes(:li, [])
|
|
|
|
Meta.allow_tag_with_these_attributes(:ol, [])
|
|
|
|
Meta.allow_tag_with_these_attributes(:p, [])
|
|
|
|
Meta.allow_tag_with_these_attributes(:pre, [])
|
|
|
|
Meta.allow_tag_with_these_attributes(:strong, [])
|
|
|
|
Meta.allow_tag_with_these_attributes(:u, [])
|
|
|
|
Meta.allow_tag_with_these_attributes(:ul, [])
|
|
|
|
Meta.allow_tag_with_uri_attributes(:img, ["src"], @valid_schemes)
|
|
|
|
|
|
|
|
Meta.allow_tag_with_these_attributes(:img, [
|
|
|
|
"width",
|
|
|
|
"height",
|
|
|
|
"class",
|
|
|
|
"title",
|
2020-12-16 08:54:09 +00:00
|
|
|
"alt",
|
|
|
|
"data-media-id"
|
2020-02-18 07:57:00 +00:00
|
|
|
])
|
2019-07-30 14:40:59 +00:00
|
|
|
|
2020-02-18 07:57:00 +00:00
|
|
|
Meta.allow_tag_with_this_attribute_values(:span, "class", ["h-card", "mention"])
|
2021-11-07 13:59:20 +00:00
|
|
|
Meta.allow_tag_with_this_attribute_values(:span, "dir", ["ltr", "rtl", "auto"])
|
2020-02-18 07:57:00 +00:00
|
|
|
Meta.allow_tag_with_these_attributes(:span, ["data-user"])
|
2019-07-30 14:40:59 +00:00
|
|
|
|
2020-02-18 07:57:00 +00:00
|
|
|
Meta.allow_tag_with_these_attributes(:h1, [])
|
|
|
|
Meta.allow_tag_with_these_attributes(:h2, [])
|
|
|
|
Meta.allow_tag_with_these_attributes(:h3, [])
|
|
|
|
Meta.allow_tag_with_these_attributes(:h4, [])
|
|
|
|
Meta.allow_tag_with_these_attributes(:h5, [])
|
2021-01-09 23:01:57 +00:00
|
|
|
Meta.allow_tag_with_these_attributes(:hr, [])
|
2019-07-30 14:40:59 +00:00
|
|
|
|
|
|
|
Meta.strip_everything_not_covered()
|
|
|
|
end
|