html scrubbing policies: restrict img tags to http/https only for mediaproxy compatibility

author: William Pitcock <nenolod@dereferenced.org> 2018-10-18 14:29:31 +0000
committer: William Pitcock <nenolod@dereferenced.org> 2018-10-18 14:29:31 +0000
commit: 595d855f0ebd88faede51bf3e08384e956465722 (patch)
tree: 48a52dd670402e596d3591176431a34b53a1b3f3 /lib/pleroma/html.ex
parent: 2154c5dcd891cf2a85c0251e07424b5681aa88a2 (diff)
download: pleroma-595d855f0ebd88faede51bf3e08384e956465722.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex
index 2d2155b82..fdc5e7dab 100644
--- a/lib/pleroma/html.ex
+++ b/lib/pleroma/html.ex
@@ -63,7 +63,8 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do
   @allow_inline_images Keyword.get(@markup, :allow_inline_images)
 
   if @allow_inline_images do
-    Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes)
+    # restrict img tags to http/https only, because of MediaProxy.
+    Meta.allow_tag_with_uri_attributes("img", ["src"], ["http", "https"])
 
     Meta.allow_tag_with_these_attributes("img", [
       "width",
@@ -113,7 +114,8 @@ defmodule Pleroma.HTML.Scrubber.Default do
   @allow_inline_images Keyword.get(@markup, :allow_inline_images)
 
   if @allow_inline_images do
-    Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes)
+    # restrict img tags to http/https only, because of MediaProxy.
+    Meta.allow_tag_with_uri_attributes("img", ["src"], ["http", "https"])
 
     Meta.allow_tag_with_these_attributes("img", [
       "width",
author	William Pitcock <nenolod@dereferenced.org>	2018-10-18 14:29:31 +0000
committer	William Pitcock <nenolod@dereferenced.org>	2018-10-18 14:29:31 +0000
commit	595d855f0ebd88faede51bf3e08384e956465722 (patch)
tree	48a52dd670402e596d3591176431a34b53a1b3f3 /lib/pleroma/html.ex
parent	2154c5dcd891cf2a85c0251e07424b5681aa88a2 (diff)
download	pleroma-595d855f0ebd88faede51bf3e08384e956465722.tar.gz