html: allow inline images by default (because of custom emoji)

This commit is contained in:
William Pitcock 2018-09-10 00:23:23 +00:00
parent 40e2f6e500
commit 358f88e10a
2 changed files with 18 additions and 1 deletions
config
lib/pleroma

View file

@ -77,7 +77,9 @@
managed_config: true managed_config: true
config :pleroma, :markup, config :pleroma, :markup,
allow_inline_images: false, # XXX - unfortunately, inline images must be enabled by default right now, because
# of custom emoji. Issue #275 discusses defanging that somehow.
allow_inline_images: true,
allow_headings: false, allow_headings: false,
allow_tables: false, allow_tables: false,
allow_fonts: false, allow_fonts: false,

View file

@ -37,6 +37,21 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do
# microformats # microformats
Meta.allow_tag_with_these_attributes("span", []) Meta.allow_tag_with_these_attributes("span", [])
# allow inline images for custom emoji
@markup Application.get_env(:pleroma, :markup)
@allow_inline_images Keyword.get(@markup, :allow_inline_images)
if @allow_inline_images do
Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes)
Meta.allow_tag_with_these_attributes("img", [
"width",
"height",
"title",
"alt"
])
end
end end
defmodule Pleroma.HTML.Scrubber.Default do defmodule Pleroma.HTML.Scrubber.Default do