mirror of
https://github.com/mastodon/mastodon.git
synced 2024-11-20 11:35:29 +01:00
ea436b355b
* Fix wrong grouping in Twitter valid_url regex * Add support for xmpp URIs Fixes #9776 The difficult part is autolinking, because Twitter-text's extractor does some pretty ad-hoc stuff to find things that “look like” URLs, and XMPP URIs do not really match the assumptions of that lib, so it doesn't sound wise to try to shoehorn it into the existing regex. This is why I used a specific regex (very close, although slightly more permissive than the RFC), and a specific scan function (a simplified version of the generalized one from Twitter). * Remove leading “xmpp:” from auto-linked text
86 lines
2.3 KiB
Ruby
86 lines
2.3 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class Sanitize
|
|
module Config
|
|
HTTP_PROTOCOLS ||= ['http', 'https', 'dat', 'dweb', 'ipfs', 'ipns', 'ssb', 'gopher', 'xmpp', :relative].freeze
|
|
|
|
CLASS_WHITELIST_TRANSFORMER = lambda do |env|
|
|
node = env[:node]
|
|
class_list = node['class']&.split(/[\t\n\f\r ]/)
|
|
|
|
return unless class_list
|
|
|
|
class_list.keep_if do |e|
|
|
next true if e =~ /^(h|p|u|dt|e)-/ # microformats classes
|
|
next true if e =~ /^(mention|hashtag)$/ # semantic classes
|
|
next true if e =~ /^(ellipsis|invisible)$/ # link formatting classes
|
|
end
|
|
|
|
node['class'] = class_list.join(' ')
|
|
end
|
|
|
|
UNSUPPORTED_ELEMENTS_TRANSFORMER = lambda do |env|
|
|
return unless %w(h1 h2 h3 h4 h5 h6 blockquote pre ul ol li).include?(env[:node_name])
|
|
|
|
case env[:node_name]
|
|
when 'li'
|
|
env[:node].traverse do |node|
|
|
next unless %w(p ul ol li).include?(node.name)
|
|
|
|
node.add_next_sibling('<br>') if node.next_sibling
|
|
node.replace(node.children) unless node.text?
|
|
end
|
|
else
|
|
env[:node].name = 'p'
|
|
end
|
|
end
|
|
|
|
MASTODON_STRICT ||= freeze_config(
|
|
elements: %w(p br span a),
|
|
|
|
attributes: {
|
|
'a' => %w(href rel class),
|
|
'span' => %w(class),
|
|
},
|
|
|
|
add_attributes: {
|
|
'a' => {
|
|
'rel' => 'nofollow noopener noreferrer',
|
|
'target' => '_blank',
|
|
},
|
|
},
|
|
|
|
protocols: {
|
|
'a' => { 'href' => HTTP_PROTOCOLS },
|
|
},
|
|
|
|
transformers: [
|
|
CLASS_WHITELIST_TRANSFORMER,
|
|
UNSUPPORTED_ELEMENTS_TRANSFORMER,
|
|
]
|
|
)
|
|
|
|
MASTODON_OEMBED ||= freeze_config merge(
|
|
RELAXED,
|
|
elements: RELAXED[:elements] + %w(audio embed iframe source video),
|
|
|
|
attributes: merge(
|
|
RELAXED[:attributes],
|
|
'audio' => %w(controls),
|
|
'embed' => %w(height src type width),
|
|
'iframe' => %w(allowfullscreen frameborder height scrolling src width),
|
|
'source' => %w(src type),
|
|
'video' => %w(controls height loop width),
|
|
'div' => [:data]
|
|
),
|
|
|
|
protocols: merge(
|
|
RELAXED[:protocols],
|
|
'embed' => { 'src' => HTTP_PROTOCOLS },
|
|
'iframe' => { 'src' => HTTP_PROTOCOLS },
|
|
'source' => { 'src' => HTTP_PROTOCOLS }
|
|
)
|
|
)
|
|
end
|
|
end
|