diff --git a/files/helpers/const.py b/files/helpers/const.py index 7d0b2fe9d..6120b62e6 100644 --- a/files/helpers/const.py +++ b/files/helpers/const.py @@ -670,7 +670,7 @@ if SITE_NAME == 'PCM': AWARDS2 = deepcopy(AWARDS) for k, val in AWARDS.items(): if val['description'] == '???' and not (k == 'ghost' and SITE_NAME == 'PCM'): AWARDS2.pop(k) - if SITE == 'pcmemes.net' and k in ('ban','pizzashill','marsey','bird','grass','chud'): AWARDS2.pop(k) + if SITE == 'pcmemes.net' and k in ('ban','pizzashill','marsey','bird','grass','chud','unblockable'): AWARDS2.pop(k) AWARDS3 = {} diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index d45cec26e..5c11581d6 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -40,9 +40,10 @@ def allowed_attributes(tag, name, value): else: return False if name == 'loading' and value == 'lazy': return True - if name == 'referrpolicy' and value == 'no-referrer': return True if name == 'data-bs-toggle' and value == 'tooltip': return True - if name in ['alt','title','g','b']: return True + if name in ['g','b'] and not value: return True + if name in ['alt','title']: return True + if name == 'referrpolicy' and value == 'no-referrer': return True return False if tag == 'lite-youtube': @@ -323,9 +324,11 @@ def sanitize(sanitized, alert=False, comment=False, edit=False): def allowed_attributes_emojis(tag, name, value): if tag == 'img': + if name == 'src' and value.startswith('/'): return True if name == 'loading' and value == 'lazy': return True if name == 'data-bs-toggle' and value == 'tooltip': return True - if name in ['src','alt','title','g']: return True + if name == 'g' and not value: return True + if name in ['alt','title']: return True if tag == 'span': if name == 'data-bs-toggle' and value == 'tooltip': return True diff --git a/files/templates/authforms.html b/files/templates/authforms.html index 79d60118c..eb0b3ea8e 100644 --- a/files/templates/authforms.html +++ b/files/templates/authforms.html @@ -15,7 +15,7 @@ {% if v %} - + {% if v.agendaposter %} - + {% if v.css %} diff --git a/files/templates/default.html b/files/templates/default.html index 74f120ee8..49c8ff49a 100644 --- a/files/templates/default.html +++ b/files/templates/default.html @@ -8,7 +8,7 @@ {% if v %} - + {% if v.agendaposter %} - + {% endif %} diff --git a/files/templates/log.html b/files/templates/log.html index ff2ff79bf..96111d1fc 100644 --- a/files/templates/log.html +++ b/files/templates/log.html @@ -6,7 +6,7 @@ {% block content %} {% if v %} - + {% if v.agendaposter %} - + {% endif %} diff --git a/files/templates/login.html b/files/templates/login.html index 6fb7cd336..9248feb81 100644 --- a/files/templates/login.html +++ b/files/templates/login.html @@ -18,7 +18,7 @@ {% endblock %} - + diff --git a/files/templates/login_2fa.html b/files/templates/login_2fa.html index 7311290a4..f47fa523f 100644 --- a/files/templates/login_2fa.html +++ b/files/templates/login_2fa.html @@ -14,7 +14,7 @@