From 0b15290ccffdc38d0e2ae3b120b18b27d45d04e8 Mon Sep 17 00:00:00 2001
From: Aevann
Date: Wed, 20 Sep 2023 18:54:57 +0300
Subject: [PATCH] simpler fix to the transform exploit

---
 files/assets/css/main.css | 4 ++++
 files/helpers/sanitize.py | 2 --
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/files/assets/css/main.css b/files/assets/css/main.css
index 34c81a9280..51966b0e36 100644
--- a/files/assets/css/main.css
+++ b/files/assets/css/main.css
@@ -7744,3 +7744,7 @@ body {
 resize: none !important;
 }
 }
+
+p { /* fix the transform:exploit */
+ overflow: hidden !important;
+}
diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py
index 25df485de1..f5ecc46fc3 100644
--- a/files/helpers/sanitize.py
+++ b/files/helpers/sanitize.py
@@ -58,8 +58,6 @@ allowed_styles = ['background-color', 'color', 'filter', 'font-weight', 'text-al
 def allowed_attributes(tag, name, value):
 if name == 'style':
- if 'transform' in value.lower() and 'scale' in value.lower():
- return False
 return True
 if tag == 'marquee':
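Review bot: The new `p { overflow: hidden !important; }` rule only clips content that overflows a paragraph's own box, so it is a presentation-layer containment rather than a sanitizer-level fix: a user-supplied `transform` on any element that is not a descendant of a `p` (list items, table cells or block quotes, if the sanitizer allows those — inferred, not visible here), or on the `p` itself, is not clipped by this rule, and with the `return True` now unconditional for `style` the only remaining server-side control is the `allowed_styles` list whose tail is truncated in the sanitize.py hunk header. It would be safer to attach the clipping to the container that wraps all user-authored markup rather than to every `p` site-wide, e.g. `/* TODO: replace with the selector of the user-content wrapper */ .USER_CONTENT_WRAPPER_PLACEHOLDER { overflow: hidden; }`, and to confirm in the same commit that `transform` (and related properties such as `zoom`) is absent from `allowed_styles`. The global `!important` on `p` will also override any legitimate paragraph overflow styling elsewhere in the stylesheet. The comment should state the intent rather than name the bug, e.g. `/* clip overflow so a user-supplied CSS transform cannot render outside its paragraph box */`.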