Merge branch 'master' into glitch-soc/merge-upstream

Conflicts: - `Gemfile`: We updated httplog in a separate commit. Took upstream's change which updated it further. - `Gemfile.lock`: We updated httplog in a separate commit. Took upstream's change which updated it further. - `app/lib/sanitize_config.rb`: Upstream added better unsupported link stripping, while we had different sanitizing configs. Took only upstream's link stripping code. - `config/locales/simple_form.pl.yml`: Strings unused in glitch-soc had been removed from glitch-soc, reintroduced them even if they are not useful, to reduce the risk of later merge conflicts.
2020-02-09 12:15:55 +01:00
parent a2cfe3daaa 57c42c20c0
commit dae5e446fe
37 changed files with 455 additions and 220 deletions
--- a/app/lib/sanitize_config.rb
+++ b/app/lib/sanitize_config.rb
@ -2,7 +2,23 @@

 class Sanitize
  module Config
-    HTTP_PROTOCOLS ||= ['http', 'https', 'dat', 'dweb', 'ipfs', 'ipns', 'ssb', 'gopher', 'xmpp', 'magnet', :relative].freeze
+    HTTP_PROTOCOLS = %w(
+      http
+      https
+    ).freeze
+
+    LINK_PROTOCOLS = %w(
+      http
+      https
+      dat
+      dweb
+      ipfs
+      ipns
+      ssb
+      gopher
+      xmpp
+      magnet
+    ).freeze

    CLASS_WHITELIST_TRANSFORMER = lambda do |env|
      node = env[:node]
@ -38,6 +54,22 @@ class Sanitize
      end
    end

+    UNSUPPORTED_HREF_TRANSFORMER = lambda do |env|
+      return unless env[:node_name] == 'a'
+
+      current_node = env[:node]
+
+      scheme = begin
+        if current_node['href'] =~ Sanitize::REGEX_PROTOCOL
+          Regexp.last_match(1).downcase
+        else
+          :relative
+        end
+      end
+
+      current_node.replace(current_node.text) unless LINK_PROTOCOLS.include?(scheme)
+    end
+
    MASTODON_STRICT ||= freeze_config(
      elements: %w(p br span a abbr del pre blockquote code b strong u sub sup i em h1 h2 h3 h4 h5 ul ol li),

@ -56,13 +88,14 @@ class Sanitize
      },

      protocols: {
-        'a'          => { 'href' => HTTP_PROTOCOLS },
-        'blockquote' => { 'cite' => HTTP_PROTOCOLS },
+        'a'          => { 'href' => LINK_PROTOCOLS },
+        'blockquote' => { 'cite' => LINK_PROTOCOLS },
      },

      transformers: [
        CLASS_WHITELIST_TRANSFORMER,
        IMG_TAG_TRANSFORMER,
+        UNSUPPORTED_HREF_TRANSFORMER,
      ]
    )