Sachin Joshi
85fa2fbce4
add scrubber for html special char
2019-05-01 01:37:17 +05:45
kaniini
030a7876b4
Merge branch 'security/fix-html-class-scrubbing' into 'develop'
...
html: lock down allowed class attributes to only those related to microformats
See merge request pleroma/pleroma!1090
2019-04-23 23:07:56 +00:00
William Pitcock
f5535e5743
html: lock down allowed class attributes to only those related to microformats
2019-04-23 23:03:45 +00:00
rinpatch
627e5a0a49
Merge branch 'develop' into feature/database-compaction
2019-04-17 12:22:32 +03:00
rinpatch
f0f30019e1
Refactor html caching functions to have a key instead of a module, use more correct terminology and fix summaries in mastoapi
2019-04-05 15:19:44 +03:00
rinpatch
975482f091
insert object defaults for fake activities and make credo happy
2019-04-01 12:16:51 +03:00
rinpatch
45ba10bf47
Fix the issue with HTML scrubber
2019-04-01 11:55:59 +03:00
Fong-Wan Chau
4ed2618f6c
Allow 'rel' attribute on <a>
link with specific values (for hashtag recognition).
2019-03-17 11:03:19 -04:00
Haelwenn (lanodan) Monnier
fb82f6fc7c
[Credo] Remove parentesis on argument-less functions
2019-03-13 04:26:56 +01:00
Haelwenn (lanodan) Monnier
381fe44172
HTML.Scrubber.Default: Consistency
2019-02-09 14:59:21 +01:00
Haelwenn (lanodan) Monnier
2272934a5e
Stash
2019-02-09 14:59:21 +01:00
Haelwenn (lanodan) Monnier
60ea29dfe6
Credo fixes: alias grouping/ordering
2019-02-09 14:59:20 +01:00
William Pitcock
a2bb5d890d
html: don't attempt to parse nil content
2019-02-05 05:06:17 +00:00
William Pitcock
ddb5545202
rich media: kill some testsuite noise
2019-01-28 20:55:33 +00:00
William Pitcock
be9abb2cc5
html: add utility function to extract first URL from an object and cache the result
2019-01-26 14:55:12 +00:00
William Pitcock
1ddab78247
html: allow microformats-related markup through the html filter
2019-01-16 03:54:01 +00:00
Rin Toshaka
1e2d58982e
oopsies
2019-01-05 00:25:31 +01:00
Rin Toshaka
846082e54f
Different caches based on the module. Remove scrubber version since it is not relevant anymore
2019-01-05 00:19:46 +01:00
William Pitcock
980b5288ed
update copyright years to 2019
2018-12-31 15:41:47 +00:00
Rin Toshaka
7e09c2bd7d
Move scrubber cache-related functions to Pleroma.HTML
2018-12-31 08:19:48 +01:00
Rin Toshaka
c50353e6ae
shame on me for not testing after revert
2018-12-30 20:44:17 +01:00
Rin Toshaka
3f9da55adc
Fix formating. Aparently my pre-commit hook broke.
2018-12-30 20:16:42 +01:00
Rin Toshaka
62af23bd26
Revert some changes in html.ex
2018-12-30 20:12:12 +01:00
Rin Toshaka
19f9889fbe
I am not sure what's going on anymore so I'll just commit and reset all the other files to HEAD
2018-12-29 17:45:50 +01:00
William Pitcock
2791ce9a1f
add license boilerplate to pleroma core
2018-12-23 20:56:42 +00:00
Maksim Pechnikov
baead4ea4b
fix markdown formatting
2018-12-14 16:03:58 +03:00
Maksim Pechnikov
074fa790ba
fix compile warnings
2018-12-09 20:50:08 +03:00
Vald
194869c7db
added data attrs to twitter scrubber
2018-12-06 02:14:56 +05:30
Vald
3ccfe226c0
added data attrs for user and tag
2018-12-06 01:05:41 +05:30
href
5bb88fd174
Runtime configuration
...
Related to #85
Everything should now be configured at runtime, with the exception of
the `Pleroma.HTML` scrubbers (the scrubbers used can be
changed at runtime, but their configuration is compile-time) because
it's building a module with a macro.
2018-11-06 19:41:15 +01:00
scarlett
795634c90f
Allow use of the abbr
HTML tag.
2018-10-30 21:40:06 +00:00
William Pitcock
8613db0e3b
html: ensure comments are correctly scrubbed
2018-10-23 00:48:49 +00:00
William Pitcock
595d855f0e
html scrubbing policies: restrict img tags to http/https only for mediaproxy compatibility
2018-10-18 14:29:31 +00:00
Haelwenn (lanodan) Monnier
2154c5dcd8
lib/pleroma/html.ex: Use macros for valid_schemes, change config for schemes
2018-10-18 07:58:15 +02:00
Haelwenn (lanodan) Monnier
d7654c77de
lib/pleroma/html.ex: Use a function as a variable (broken for some reason)
2018-10-16 03:34:33 +02:00
Haelwenn (lanodan) Monnier
50e0a9ae56
lib/pleroma/html.ex: Fix scheme lists
...
Gosh please don’t break ourselves…
Also this is copy-paste of the list in lib/pleroma/formatter.ex,
I think this should be put in a common variable, but where?
2018-10-16 03:00:37 +02:00
William Pitcock
7f0e291483
html: twittertext: add missing catchall scrub function
2018-09-22 03:45:35 +00:00
William Pitcock
8ae9424edb
html: default to using normal scrub policy if provided scrub policy is nil
2018-09-22 02:52:59 +00:00
William Pitcock
a7d0ecdc7c
html: add policy which transforms inline images to pass through the media proxy
2018-09-16 02:16:16 +00:00
William Pitcock
cd13fa17fd
html: allow scrubbing policies to be stackable
2018-09-16 02:16:14 +00:00
William Pitcock
95376ac1fe
html: add the ability to override the default scrub policy
2018-09-16 01:25:35 +00:00
William Pitcock
358f88e10a
html: allow inline images by default (because of custom emoji)
2018-09-10 00:24:19 +00:00
William Pitcock
40e2f6e500
html: add default scrubbing profile and configuration knobs
2018-09-10 00:14:57 +00:00
William Pitcock
255f46d7ab
html: new module providing a configurable markup scrubbing policy
2018-09-10 00:13:57 +00:00