monorail
/
mastodon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Change HTML sanitization to remove unusable and unused `embed` tag (#34021)

This commit is contained in:
Claire 2025-02-27 11:12:58 +01:00 committed by GitHub
parent cde3167d09
commit f5c4022a20
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/sanitize_ext/sanitize_config.rb
View File

@ -131,18 +131,16 @@ class Sanitize
)
MASTODON_OEMBED = freeze_config(
elements: %w(audio embed iframe source video),
elements: %w(audio iframe source video),
attributes: {
'audio' => %w(controls),
'embed' => %w(height src type width),
'iframe' => %w(allowfullscreen frameborder height scrolling src width),
'source' => %w(src type),
'video' => %w(controls height loop width),
},
protocols: {
'embed' => { 'src' => HTTP_PROTOCOLS },
'iframe' => { 'src' => HTTP_PROTOCOLS },
'source' => { 'src' => HTTP_PROTOCOLS },
},