akkoma/priv/scrubbers/default.ex

defmodule Pleroma.HTML.Scrubber.Default do
  @doc "The default HTML scrubbing policy: no "

  require FastSanitize.Sanitizer.Meta
  alias FastSanitize.Sanitizer.Meta

  # credo:disable-for-previous-line
  # No idea how to fix this one…

  @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])

  Meta.strip_comments()

  Meta.allow_tag_with_uri_attributes(:a, ["href", "data-user", "data-tag"], @valid_schemes)

  Meta.allow_tag_with_this_attribute_values(:a, "class", [
    "hashtag",
    "u-url",
    "mention",
    "u-url mention",
    "mention u-url"
  ])

  Meta.allow_tag_with_this_attribute_values(:a, "rel", [
    "tag",
    "nofollow",
    "noopener",
    "noreferrer",
    "ugc"
  ])

  Meta.allow_tag_with_these_attributes(:a, ["name", "title"])

  Meta.allow_tag_with_these_attributes(:abbr, ["title"])

  Meta.allow_tag_with_these_attributes(:b, [])
  Meta.allow_tag_with_these_attributes(:blockquote, [])
  Meta.allow_tag_with_these_attributes(:br, [])
  Meta.allow_tag_with_these_attributes(:code, [])
  Meta.allow_tag_with_these_attributes(:del, [])
  Meta.allow_tag_with_these_attributes(:em, [])
  Meta.allow_tag_with_these_attributes(:hr, [])
  Meta.allow_tag_with_these_attributes(:i, [])
  Meta.allow_tag_with_these_attributes(:li, [])
  Meta.allow_tag_with_these_attributes(:ol, [])
  Meta.allow_tag_with_these_attributes(:p, [])
  Meta.allow_tag_with_these_attributes(:pre, [])
  Meta.allow_tag_with_these_attributes(:strong, [])
  Meta.allow_tag_with_these_attributes(:sub, [])
  Meta.allow_tag_with_these_attributes(:sup, [])
  Meta.allow_tag_with_these_attributes(:ruby, [])
  Meta.allow_tag_with_these_attributes(:rb, [])
  Meta.allow_tag_with_these_attributes(:rp, [])
  Meta.allow_tag_with_these_attributes(:rt, [])
  Meta.allow_tag_with_these_attributes(:rtc, [])
  Meta.allow_tag_with_these_attributes(:u, [])
  Meta.allow_tag_with_these_attributes(:ul, [])

  Meta.allow_tag_with_this_attribute_values(:span, "class", ["h-card"])
  Meta.allow_tag_with_these_attributes(:span, [])

  Meta.allow_tag_with_this_attribute_values(:code, "class", ["inline"])

  @allow_inline_images Pleroma.Config.get([:markup, :allow_inline_images])

  if @allow_inline_images do
    # restrict img tags to http/https only, because of MediaProxy.
    Meta.allow_tag_with_uri_attributes(:img, ["src"], ["http", "https"])

    Meta.allow_tag_with_these_attributes(:img, [
      "width",
      "height",
      "class",
      "title",
      "alt"
    ])
  end

  if Pleroma.Config.get([:markup, :allow_tables]) do
    Meta.allow_tag_with_these_attributes(:table, [])
    Meta.allow_tag_with_these_attributes(:tbody, [])
    Meta.allow_tag_with_these_attributes(:td, [])
    Meta.allow_tag_with_these_attributes(:th, [])
    Meta.allow_tag_with_these_attributes(:thead, [])
    Meta.allow_tag_with_these_attributes(:tr, [])
  end

  if Pleroma.Config.get([:markup, :allow_headings]) do
    Meta.allow_tag_with_these_attributes(:h1, [])
    Meta.allow_tag_with_these_attributes(:h2, [])
    Meta.allow_tag_with_these_attributes(:h3, [])
    Meta.allow_tag_with_these_attributes(:h4, [])
    Meta.allow_tag_with_these_attributes(:h5, [])
  end

  if Pleroma.Config.get([:markup, :allow_fonts]) do
    Meta.allow_tag_with_these_attributes(:font, ["face"])
  end

  Meta.strip_everything_not_covered()
end
HTML: Compile Scrubbers on boot This makes it possible to configure their behavior on OTP releases. 2019-12-08 16:42:40 +00:00			`defmodule Pleroma.HTML.Scrubber.Default do`
			`@doc "The default HTML scrubbing policy: no "`

			`require FastSanitize.Sanitizer.Meta`
			`alias FastSanitize.Sanitizer.Meta`

			`# credo:disable-for-previous-line`
			`# No idea how to fix this one…`

			`@valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])`

			`Meta.strip_comments()`

			`Meta.allow_tag_with_uri_attributes(:a, ["href", "data-user", "data-tag"], @valid_schemes)`

			`Meta.allow_tag_with_this_attribute_values(:a, "class", [`
			`"hashtag",`
			`"u-url",`
			`"mention",`
			`"u-url mention",`
			`"mention u-url"`
			`])`

			`Meta.allow_tag_with_this_attribute_values(:a, "rel", [`
			`"tag",`
			`"nofollow",`
			`"noopener",`
			`"noreferrer",`
			`"ugc"`
			`])`

			`Meta.allow_tag_with_these_attributes(:a, ["name", "title"])`

			`Meta.allow_tag_with_these_attributes(:abbr, ["title"])`

			`Meta.allow_tag_with_these_attributes(:b, [])`
			`Meta.allow_tag_with_these_attributes(:blockquote, [])`
			`Meta.allow_tag_with_these_attributes(:br, [])`
			`Meta.allow_tag_with_these_attributes(:code, [])`
			`Meta.allow_tag_with_these_attributes(:del, [])`
			`Meta.allow_tag_with_these_attributes(:em, [])`
Sanitizer: allow <hr> tags 2020-10-13 18:54:53 +00:00			`Meta.allow_tag_with_these_attributes(:hr, [])`
HTML: Compile Scrubbers on boot This makes it possible to configure their behavior on OTP releases. 2019-12-08 16:42:40 +00:00			`Meta.allow_tag_with_these_attributes(:i, [])`
			`Meta.allow_tag_with_these_attributes(:li, [])`
			`Meta.allow_tag_with_these_attributes(:ol, [])`
			`Meta.allow_tag_with_these_attributes(:p, [])`
			`Meta.allow_tag_with_these_attributes(:pre, [])`
			`Meta.allow_tag_with_these_attributes(:strong, [])`
			`Meta.allow_tag_with_these_attributes(:sub, [])`
			`Meta.allow_tag_with_these_attributes(:sup, [])`
scrubbers/default: Add ruby element and it's childs This allows to format Japanese furigana (aka ruby) notation. Present in XHTML 1.1, HTML 5 and later. Absent in XHTML 1.0, HTML 4 and earlier. See https://www.w3.org/TR/ruby/ 2020-11-24 23:36:46 +00:00			`Meta.allow_tag_with_these_attributes(:ruby, [])`
			`Meta.allow_tag_with_these_attributes(:rb, [])`
			`Meta.allow_tag_with_these_attributes(:rp, [])`
			`Meta.allow_tag_with_these_attributes(:rt, [])`
			`Meta.allow_tag_with_these_attributes(:rtc, [])`
HTML: Compile Scrubbers on boot This makes it possible to configure their behavior on OTP releases. 2019-12-08 16:42:40 +00:00			`Meta.allow_tag_with_these_attributes(:u, [])`
			`Meta.allow_tag_with_these_attributes(:ul, [])`

			`Meta.allow_tag_with_this_attribute_values(:span, "class", ["h-card"])`
			`Meta.allow_tag_with_these_attributes(:span, [])`

Refactor Earmark code, fix tests 2020-10-13 19:27:50 +00:00			`Meta.allow_tag_with_this_attribute_values(:code, "class", ["inline"])`

HTML: Compile Scrubbers on boot This makes it possible to configure their behavior on OTP releases. 2019-12-08 16:42:40 +00:00			`@allow_inline_images Pleroma.Config.get([:markup, :allow_inline_images])`

			`if @allow_inline_images do`
			`# restrict img tags to http/https only, because of MediaProxy.`
			`Meta.allow_tag_with_uri_attributes(:img, ["src"], ["http", "https"])`

			`Meta.allow_tag_with_these_attributes(:img, [`
			`"width",`
			`"height",`
			`"class",`
			`"title",`
			`"alt"`
			`])`
			`end`

			`if Pleroma.Config.get([:markup, :allow_tables]) do`
			`Meta.allow_tag_with_these_attributes(:table, [])`
			`Meta.allow_tag_with_these_attributes(:tbody, [])`
			`Meta.allow_tag_with_these_attributes(:td, [])`
			`Meta.allow_tag_with_these_attributes(:th, [])`
			`Meta.allow_tag_with_these_attributes(:thead, [])`
			`Meta.allow_tag_with_these_attributes(:tr, [])`
			`end`

			`if Pleroma.Config.get([:markup, :allow_headings]) do`
			`Meta.allow_tag_with_these_attributes(:h1, [])`
			`Meta.allow_tag_with_these_attributes(:h2, [])`
			`Meta.allow_tag_with_these_attributes(:h3, [])`
			`Meta.allow_tag_with_these_attributes(:h4, [])`
			`Meta.allow_tag_with_these_attributes(:h5, [])`
			`end`

			`if Pleroma.Config.get([:markup, :allow_fonts]) do`
			`Meta.allow_tag_with_these_attributes(:font, ["face"])`
			`end`

			`Meta.strip_everything_not_covered()`
			`end`