Merge branch 'feature/mrf-scrub' into 'develop'

MRF: html scrubbing filter

See merge request pleroma/pleroma!345
This commit is contained in:
kaniini 2018-09-16 01:31:03 +00:00
commit 2881275291
3 changed files with 32 additions and 1 deletions

View File

@ -104,6 +104,8 @@
config :pleroma, :user, deny_follow_blocked: true config :pleroma, :user, deny_follow_blocked: true
config :pleroma, :mrf_normalize_markup, scrub_policy: Pleroma.HTML.Scrubber.Default
config :pleroma, :mrf_rejectnonpublic, config :pleroma, :mrf_rejectnonpublic,
allow_followersonly: false, allow_followersonly: false,
allow_direct: false allow_direct: false

View File

@ -3,9 +3,13 @@ defmodule Pleroma.HTML do
@markup Application.get_env(:pleroma, :markup) @markup Application.get_env(:pleroma, :markup)
def filter_tags(html, scrubber) do
html |> Scrubber.scrub(scrubber)
end
def filter_tags(html) do def filter_tags(html) do
scrubber = Keyword.get(@markup, :scrub_policy) scrubber = Keyword.get(@markup, :scrub_policy)
html |> Scrubber.scrub(scrubber) filter_tags(html, scrubber)
end end
def strip_tags(html) do def strip_tags(html) do

View File

@ -0,0 +1,25 @@
defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkup do
alias Pleroma.HTML
@behaviour Pleroma.Web.ActivityPub.MRF
@mrf_normalize_markup Application.get_env(:pleroma, :mrf_normalize_markup)
def filter(%{"type" => activity_type} = object) when activity_type == "Create" do
scrub_policy = Keyword.get(@mrf_normalize_markup, :scrub_policy)
child = object["object"]
content =
child["content"]
|> HTML.filter_tags(scrub_policy)
child = Map.put(child, "content", content)
object = Map.put(object, "object", child)
{:ok, object}
end
def filter(object), do: {:ok, object}
end