Commit graph

61 commits

Author SHA1 Message Date
Egor Kislitsyn
b7a57d8e38 Use Pleroma.Utils.compile_dir/1 in Pleroma.HTML.compile_scrubbers/0 2019-12-10 00:38:01 +07:00
rinpatch
d6c89068f3 HTML: Compile Scrubbers on boot
This makes it possible to configure their behavior on OTP releases.
2019-12-08 20:35:41 +03:00
rinpatch
a21340caa1 Fix never matching clause
`length/1` is only used with lists.
2019-12-08 16:46:18 +03:00
Egor Kislitsyn
cf52106e05
Update Floki dependency 2019-12-02 13:38:35 +07:00
Egor Kislitsyn
a98cda7758
Fix Pleroma.HTML.extract_first_external_url/2 2019-11-29 15:49:35 +07:00
rinpatch
ae59b38203 Rip out the rest of htmlsanitizeex 2019-10-30 09:20:13 +03:00
rinpatch
77cfb08b8c Remove commented-out code 2019-10-29 20:58:54 +03:00
rinpatch
08f6837065 Switch from HtmlSanitizeEx to FastSanitize 2019-10-29 01:18:08 +03:00
Egor Kislitsyn
cf3041220a Add support for rel="ugc" 2019-09-19 14:56:10 +07:00
lain
ef43016b2c Merge branch 'feature/custom-fields' into 'develop'
Add custom profile fields

See merge request 
2019-08-20 12:44:14 +00:00
Haelwenn (lanodan) Monnier
a6a814420d
html.ex: Allow sub and sup elements by default
Closes: https://git.pleroma.social/pleroma/pleroma/issues/1191
2019-08-14 22:49:13 +02:00
Egor Kislitsyn
f7bbf99caa Use info.fields instead of source_data for remote users 2019-08-14 14:52:54 +07:00
rinpatch
035368d363 Rich Media: Skip Microformats hashtags
When fixing this problem I incorrectly assumed a.hashtag is
the proper way for detecting hashtags, but it is just something Pleroma and
Mastodon add. Per microformats it should be detected by the presense of rel=tag.

This MR adds a check for rel=tag, but I still left a.hashtag just in case
2019-06-19 00:46:30 +03:00
rinpatch
d0ebc0edf3 Fix hashtags being picked up by rich media parser
Closes 
2019-06-14 14:34:42 +03:00
Egor Kislitsyn
99f70c7e20 Use Pleroma.Config everywhere 2019-05-30 15:33:58 +07:00
Haelwenn (lanodan) Monnier
85b5c60694
Pleroma.Formatter: width/height to class=emoji 2019-05-03 16:25:58 +02:00
rinpatch
51e26f14f7 Remove redundant ensure_scrubbed_html
It is never used as handling for fake and non-fake activities was merged
into one function above it
2019-05-01 13:52:44 +03:00
Sachin Joshi
85fa2fbce4 add scrubber for html special char 2019-05-01 01:37:17 +05:45
kaniini
030a7876b4 Merge branch 'security/fix-html-class-scrubbing' into 'develop'
html: lock down allowed class attributes to only those related to microformats

See merge request 
2019-04-23 23:07:56 +00:00
William Pitcock
f5535e5743 html: lock down allowed class attributes to only those related to microformats 2019-04-23 23:03:45 +00:00
rinpatch
627e5a0a49 Merge branch 'develop' into feature/database-compaction 2019-04-17 12:22:32 +03:00
rinpatch
f0f30019e1 Refactor html caching functions to have a key instead of a module, use more correct terminology and fix summaries in mastoapi 2019-04-05 15:19:44 +03:00
rinpatch
975482f091 insert object defaults for fake activities and make credo happy 2019-04-01 12:16:51 +03:00
rinpatch
45ba10bf47 Fix the issue with HTML scrubber 2019-04-01 11:55:59 +03:00
Fong-Wan Chau
4ed2618f6c Allow 'rel' attribute on <a> link with specific values (for hashtag recognition). 2019-03-17 11:03:19 -04:00
Haelwenn (lanodan) Monnier
fb82f6fc7c
[Credo] Remove parentesis on argument-less functions 2019-03-13 04:26:56 +01:00
Haelwenn (lanodan) Monnier
381fe44172
HTML.Scrubber.Default: Consistency 2019-02-09 14:59:21 +01:00
Haelwenn (lanodan) Monnier
2272934a5e
Stash 2019-02-09 14:59:21 +01:00
Haelwenn (lanodan) Monnier
60ea29dfe6
Credo fixes: alias grouping/ordering 2019-02-09 14:59:20 +01:00
William Pitcock
a2bb5d890d html: don't attempt to parse nil content 2019-02-05 05:06:17 +00:00
William Pitcock
ddb5545202 rich media: kill some testsuite noise 2019-01-28 20:55:33 +00:00
William Pitcock
be9abb2cc5 html: add utility function to extract first URL from an object and cache the result 2019-01-26 14:55:12 +00:00
William Pitcock
1ddab78247 html: allow microformats-related markup through the html filter 2019-01-16 03:54:01 +00:00
Rin Toshaka
1e2d58982e oopsies 2019-01-05 00:25:31 +01:00
Rin Toshaka
846082e54f Different caches based on the module. Remove scrubber version since it is not relevant anymore 2019-01-05 00:19:46 +01:00
William Pitcock
980b5288ed update copyright years to 2019 2018-12-31 15:41:47 +00:00
Rin Toshaka
7e09c2bd7d Move scrubber cache-related functions to Pleroma.HTML 2018-12-31 08:19:48 +01:00
Rin Toshaka
c50353e6ae shame on me for not testing after revert 2018-12-30 20:44:17 +01:00
Rin Toshaka
3f9da55adc Fix formating. Aparently my pre-commit hook broke. 2018-12-30 20:16:42 +01:00
Rin Toshaka
62af23bd26 Revert some changes in html.ex 2018-12-30 20:12:12 +01:00
Rin Toshaka
19f9889fbe I am not sure what's going on anymore so I'll just commit and reset all the other files to HEAD 2018-12-29 17:45:50 +01:00
William Pitcock
2791ce9a1f add license boilerplate to pleroma core 2018-12-23 20:56:42 +00:00
Maksim Pechnikov
baead4ea4b fix markdown formatting 2018-12-14 16:03:58 +03:00
Maksim Pechnikov
074fa790ba fix compile warnings 2018-12-09 20:50:08 +03:00
Vald
194869c7db added data attrs to twitter scrubber 2018-12-06 02:14:56 +05:30
Vald
3ccfe226c0 added data attrs for user and tag 2018-12-06 01:05:41 +05:30
href
5bb88fd174
Runtime configuration
Related to 

Everything should now be configured at runtime, with the exception of
the `Pleroma.HTML` scrubbers (the scrubbers used can be
changed at runtime, but their configuration is compile-time) because
it's building a module with a macro.
2018-11-06 19:41:15 +01:00
scarlett
795634c90f Allow use of the abbr HTML tag. 2018-10-30 21:40:06 +00:00
William Pitcock
8613db0e3b html: ensure comments are correctly scrubbed 2018-10-23 00:48:49 +00:00
William Pitcock
595d855f0e html scrubbing policies: restrict img tags to http/https only for mediaproxy compatibility 2018-10-18 14:29:31 +00:00