Use info.fields instead of source_data for remote users

author: Egor Kislitsyn <egor@kislitsyn.com> 2019-08-06 18:21:25 +0700
committer: Egor Kislitsyn <egor@kislitsyn.com> 2019-08-14 14:52:54 +0700
commit: f7bbf99caade7f06756e95e3a4e2f0e4d3e76579 (patch)
tree: c88c9e372a60fc2d6822a4d7d6cf6aa7c4f2353d /lib/pleroma/html.ex
parent: 2c35d4b0b04e58368c51f2828536d295f72839a2 (diff)
download: pleroma-f7bbf99caade7f06756e95e3a4e2f0e4d3e76579.tar.gz
1 files changed, 28 insertions, 0 deletions
diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex
index 2fae7281c..bf2000d90 100644
--- a/lib/pleroma/html.ex
+++ b/lib/pleroma/html.ex
@@ -280,3 +280,31 @@ defmodule Pleroma.HTML.Transform.MediaProxy do
   def scrub({_tag, children}), do: children
   def scrub(text), do: text
 end
+
+defmodule Pleroma.HTML.Scrubber.LinksOnly do
+  @moduledoc """
+  An HTML scrubbing policy which limits to links only.
+  """
+
+  @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])
+
+  require HtmlSanitizeEx.Scrubber.Meta
+  alias HtmlSanitizeEx.Scrubber.Meta
+
+  Meta.remove_cdata_sections_before_scrub()
+  Meta.strip_comments()
+
+  # links
+  Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes)
+
+  Meta.allow_tag_with_this_attribute_values("a", "rel", [
+    "tag",
+    "nofollow",
+    "noopener",
+    "noreferrer",
+    "me"
+  ])
+
+  Meta.allow_tag_with_these_attributes("a", ["name", "title"])
+  Meta.strip_everything_not_covered()
+end
author	Egor Kislitsyn <egor@kislitsyn.com>	2019-08-06 18:21:25 +0700
committer	Egor Kislitsyn <egor@kislitsyn.com>	2019-08-14 14:52:54 +0700
commit	f7bbf99caade7f06756e95e3a4e2f0e4d3e76579 (patch)
tree	c88c9e372a60fc2d6822a4d7d6cf6aa7c4f2353d /lib/pleroma/html.ex
parent	2c35d4b0b04e58368c51f2828536d295f72839a2 (diff)
download	pleroma-f7bbf99caade7f06756e95e3a4e2f0e4d3e76579.tar.gz