diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py
index 89b5d5b59..66deb2799 100644
--- a/files/helpers/sanitize.py
+++ b/files/helpers/sanitize.py
@@ -42,8 +42,7 @@ def allowed_attributes(tag, name, value):
if name == 'loading' and value == 'lazy': return True
if name == 'referrpolicy' and value == 'no-referrer': return True
if name == 'data-bs-toggle' and value == 'tooltip': return True
- if name in ['alt','title','g','b','pat']: return True
- if name == 'class' and value == 'pat-hand': return True
+ if name in ['alt','title','g','b']: return True
return False
if tag == 'lite-youtube':
@@ -71,7 +70,6 @@ def allowed_attributes(tag, name, value):
return False
if tag == 'span':
- if name == 'class' and value in ['pat-container', 'pat-hand']: return True
if name == 'data-bs-toggle' and value == 'tooltip': return True
if name == 'title': return True
if name == 'alt': return True
@@ -117,12 +115,10 @@ def render_emoji(html, regexp, edit, marseys_used=set(), b=False):
if emoji.endswith('pat'):
if path.isfile(f"files/assets/images/emojis/{emoji.replace('pat','')}.webp"):
- attrs += ' pat'
- emoji_html = f'{emoji_partial_pat.format(old, f"/e/{emoji[:-3]}.webp", attrs)}'
+ emoji_html = f'
{emoji_partial_pat.format(old, f"/e/{emoji[:-3]}.webp", attrs)}'
elif emoji.startswith('@'):
if u := get_user(emoji[1:-3], graceful=True):
- attrs += ' pat'
- emoji_html = f'
{emoji_partial_pat.format(old, f"/pp/{u.id}", attrs)}'
+ emoji_html = f'
{emoji_partial_pat.format(old, f"/pp/{u.id}", attrs)}'
elif path.isfile(f'files/assets/images/emojis/{emoji}.webp'):
emoji_html = emoji_partial.format(old, f'/e/{emoji}.webp', attrs)
@@ -320,6 +316,12 @@ def allowed_attributes_emojis(tag, name, value):
if name == 'loading' and value == 'lazy': return True
if name == 'data-bs-toggle' and value == 'tooltip': return True
if name in ['src','alt','title','g']: return True
+
+ if tag == 'span':
+ if name == 'data-bs-toggle' and value == 'tooltip': return True
+ if name == 'title': return True
+ if name == 'alt': return True
+ return False
return False
@@ -334,7 +336,7 @@ def filter_emojis_only(title, edit=False, graceful=False):
title = strikethrough_regex.sub(r'
\1', title)
- title = bleach.clean(title, tags=['img','del'], attributes=allowed_attributes_emojis, protocols=['http','https'])
+ title = bleach.clean(title, tags=['img','del','span'], attributes=allowed_attributes_emojis, protocols=['http','https'])
signal.alarm(0)
diff --git a/files/templates/authforms.html b/files/templates/authforms.html
index 2d6cd3790..79d60118c 100644
--- a/files/templates/authforms.html
+++ b/files/templates/authforms.html
@@ -15,7 +15,7 @@
{% if v %}
-
+
{% if v.agendaposter %}
-
+
{% endif %}
diff --git a/files/templates/chat.html b/files/templates/chat.html
index a35fbb4b7..cf697f29a 100644
--- a/files/templates/chat.html
+++ b/files/templates/chat.html
@@ -14,7 +14,7 @@