7 Commits

Author SHA1 Message Date
Eugen Rochko 8f64b17d98 Whitelist dat/ipfs/gopher links in sanitizer ()
Fix 
2018-07-16 22:17:43 +09:00
puckipedia 545095b3ce [!] Sanitize incoming classlist properly ()
* Sanitize classlist properly

* Actually properly sanitize every class after the first

* Improve Formatter spec to check for multiple classes and non-space whitespace
2018-01-03 03:54:08 +01:00
nightpool 94d0e012de Whitelist allowed classes for federated statuses ()
* Whitelist allowed classes for federated statuses

Allowed classes are currently:

 - Any microformats class (h/p/u/dt/e-*)
 - the classes mention, hashtag, ellipses and invisible.

This last one is somewhat suspect, but Mastodon currently uses it to render hidden link text.

resolved 

* Fix code style
2017-06-17 20:26:05 +02:00
unarist 6bd6dcf6df Allow "class" attribute on the "a" tag in sanitization ()
This preserves `<a ... class="u-url mention">` from other Mastodon instances.
2017-06-07 15:57:30 +02:00
Eugen Rochko 58bcd50f7f Fix - Trim long usernames in public follower/following lists ()
Fix  - Catch OpenSSL exceptions when loading remote avatars/headers/attachments
Don't strip "rel" attribute from <a> tags when sanitizing (microformats)
2017-05-11 23:14:00 +02:00
Yamagishi Kazutoshi 4a5f73c8ae Add target=_blank to user note ()
* Add target=_blank to user note

Open a new window when clicking a link from a user profile in a remote instance.

* fix rubocop
2017-04-30 00:28:41 +02:00
Eugen Rochko 88725d6ce8 OEmbed support for PreviewCard ()
* OEmbed support for PreviewCard

* Improve ProviderDiscovery code failure treatment

* Do not crawl links if there is a content warning, since those
don't display a link card anyway

* Reset db schema

* Fresh migrate

* Fix rubocop style issues
Fix  - return existing access token when applicable instead of creating new

* Fix test

* Extract http client to helper

* Improve oembed controller
2017-04-27 14:42:22 +02:00