Make sanitizer *not* add no-referrer etc. in local markdown toots if the link is “safe”
parent
909b2257ab
commit
6b5c7ee662
|
@ -59,7 +59,7 @@ class Formatter
|
|||
html = "RT @#{prepend_reblog} #{html}" if prepend_reblog
|
||||
html = format_markdown(html) if status.content_type == 'text/markdown'
|
||||
html = encode_and_link_urls(html, linkable_accounts, keep_html: %w(text/markdown text/html).include?(status.content_type))
|
||||
html = reformat(html) if %w(text/markdown text/html).include?(status.content_type)
|
||||
html = reformat(html, true) if %w(text/markdown text/html).include?(status.content_type)
|
||||
html = encode_custom_emojis(html, status.emojis, options[:autoplay]) if options[:custom_emojify]
|
||||
|
||||
unless %w(text/markdown text/html).include?(status.content_type)
|
||||
|
@ -75,8 +75,8 @@ class Formatter
|
|||
html.delete("\r").delete("\n")
|
||||
end
|
||||
|
||||
def reformat(html)
|
||||
sanitize(html, Sanitize::Config::MASTODON_STRICT)
|
||||
def reformat(html, outgoing = false)
|
||||
sanitize(html, Sanitize::Config::MASTODON_STRICT.merge(outgoing: outgoing))
|
||||
rescue ArgumentError
|
||||
''
|
||||
end
|
||||
|
|
|
@ -60,7 +60,10 @@ class Sanitize
|
|||
node = env[:node]
|
||||
|
||||
rel = (node['rel'] || '').split(' ') & ['tag']
|
||||
node['rel'] = (['nofollow', 'noopener', 'noreferrer'] + rel).join(' ')
|
||||
unless env[:config][:outgoing] && TagManager.instance.local_url?(node['href'])
|
||||
rel += ['nofollow', 'noopener', 'noreferrer']
|
||||
end
|
||||
node['rel'] = rel.join(' ')
|
||||
end
|
||||
|
||||
UNSUPPORTED_HREF_TRANSFORMER = lambda do |env|
|
||||
|
@ -103,8 +106,8 @@ class Sanitize
|
|||
transformers: [
|
||||
CLASS_WHITELIST_TRANSFORMER,
|
||||
IMG_TAG_TRANSFORMER,
|
||||
LINK_REL_TRANSFORMER,
|
||||
UNSUPPORTED_HREF_TRANSFORMER,
|
||||
LINK_REL_TRANSFORMER,
|
||||
]
|
||||
)
|
||||
|
||||
|
|
|
@ -7,6 +7,12 @@ describe Sanitize::Config do
|
|||
describe '::MASTODON_STRICT' do
|
||||
subject { Sanitize::Config::MASTODON_STRICT }
|
||||
|
||||
around do |example|
|
||||
original_web_domain = Rails.configuration.x.web_domain
|
||||
example.run
|
||||
Rails.configuration.x.web_domain = original_web_domain
|
||||
end
|
||||
|
||||
it 'keeps h1' do
|
||||
expect(Sanitize.fragment('<h1>Foo</h1>', subject)).to eq '<h1>Foo</h1>'
|
||||
end
|
||||
|
@ -32,7 +38,12 @@ describe Sanitize::Config do
|
|||
end
|
||||
|
||||
it 'keeps a with href and rel tag' do
|
||||
expect(Sanitize.fragment('<a href="http://example.com" rel="tag">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener noreferrer tag" target="_blank">Test</a>'
|
||||
expect(Sanitize.fragment('<a href="http://example.com" rel="tag">Test</a>', subject)).to eq '<a href="http://example.com" rel="tag nofollow noopener noreferrer" target="_blank">Test</a>'
|
||||
end
|
||||
|
||||
it 'keeps a with href and rel tag, not adding to rel if url is local' do
|
||||
Rails.configuration.x.web_domain = 'domain.test'
|
||||
expect(Sanitize.fragment('<a href="http://domain.test/tags/foo" rel="tag">Test</a>', subject.merge(outgoing: true))).to eq '<a href="http://domain.test/tags/foo" rel="tag" target="_blank">Test</a>'
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue