diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 89b5d5b59..66deb2799 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -42,8 +42,7 @@ def allowed_attributes(tag, name, value): if name == 'loading' and value == 'lazy': return True if name == 'referrpolicy' and value == 'no-referrer': return True if name == 'data-bs-toggle' and value == 'tooltip': return True - if name in ['alt','title','g','b','pat']: return True - if name == 'class' and value == 'pat-hand': return True + if name in ['alt','title','g','b']: return True return False if tag == 'lite-youtube': @@ -71,7 +70,6 @@ def allowed_attributes(tag, name, value): return False if tag == 'span': - if name == 'class' and value in ['pat-container', 'pat-hand']: return True if name == 'data-bs-toggle' and value == 'tooltip': return True if name == 'title': return True if name == 'alt': return True @@ -117,12 +115,10 @@ def render_emoji(html, regexp, edit, marseys_used=set(), b=False): if emoji.endswith('pat'): if path.isfile(f"files/assets/images/emojis/{emoji.replace('pat','')}.webp"): - attrs += ' pat' - emoji_html = f'{emoji_partial_pat.format(old, f"/e/{emoji[:-3]}.webp", attrs)}' + emoji_html = f'{emoji_partial_pat.format(old, f"/e/{emoji[:-3]}.webp", attrs)}' elif emoji.startswith('@'): if u := get_user(emoji[1:-3], graceful=True): - attrs += ' pat' - emoji_html = f'{emoji_partial_pat.format(old, f"/pp/{u.id}", attrs)}' + emoji_html = f'{emoji_partial_pat.format(old, f"/pp/{u.id}", attrs)}' elif path.isfile(f'files/assets/images/emojis/{emoji}.webp'): emoji_html = emoji_partial.format(old, f'/e/{emoji}.webp', attrs) @@ -320,6 +316,12 @@ def allowed_attributes_emojis(tag, name, value): if name == 'loading' and value == 'lazy': return True if name == 'data-bs-toggle' and value == 'tooltip': return True if name in ['src','alt','title','g']: return True + + if tag == 'span': + if name == 'data-bs-toggle' and value == 'tooltip': return True + if name == 'title': return True + if name == 'alt': return True + return False return False @@ -334,7 +336,7 @@ def filter_emojis_only(title, edit=False, graceful=False): title = strikethrough_regex.sub(r'\1', title) - title = bleach.clean(title, tags=['img','del'], attributes=allowed_attributes_emojis, protocols=['http','https']) + title = bleach.clean(title, tags=['img','del','span'], attributes=allowed_attributes_emojis, protocols=['http','https']) signal.alarm(0) diff --git a/files/templates/authforms.html b/files/templates/authforms.html index 2d6cd3790..79d60118c 100644 --- a/files/templates/authforms.html +++ b/files/templates/authforms.html @@ -15,7 +15,7 @@ {% if v %} - + {% if v.agendaposter %} - + {% endif %} diff --git a/files/templates/chat.html b/files/templates/chat.html index a35fbb4b7..cf697f29a 100644 --- a/files/templates/chat.html +++ b/files/templates/chat.html @@ -14,7 +14,7 @@ Chat - + {% if v.css %} diff --git a/files/templates/comments.html b/files/templates/comments.html index 929f5cf41..8264ed8cd 100644 --- a/files/templates/comments.html +++ b/files/templates/comments.html @@ -845,7 +845,7 @@ {% endif %} {% if v %} - + {% endif %} diff --git a/files/templates/default.html b/files/templates/default.html index 4f4be96a6..65b32a9a6 100644 --- a/files/templates/default.html +++ b/files/templates/default.html @@ -7,7 +7,7 @@ {% if v %} - + {% if v.agendaposter %} - + {% endif %} diff --git a/files/templates/formatting.html b/files/templates/formatting.html index 1ca22135b..c54331aa9 100644 --- a/files/templates/formatting.html +++ b/files/templates/formatting.html @@ -104,12 +104,12 @@ Text 2 Pat Emojis :marseylovepat: - :marseylovepat: + :marseylovepat: Pat User :@snappypat: - :@snappypat: + :@snappypat: Random Marsey diff --git a/files/templates/log.html b/files/templates/log.html index beafaef8c..ff2ff79bf 100644 --- a/files/templates/log.html +++ b/files/templates/log.html @@ -6,7 +6,7 @@ {% block content %} {% if v %} - + {% if v.agendaposter %} - + {% endif %} diff --git a/files/templates/login.html b/files/templates/login.html index 6747c4392..6fb7cd336 100644 --- a/files/templates/login.html +++ b/files/templates/login.html @@ -18,7 +18,7 @@ {% endblock %} - + diff --git a/files/templates/login_2fa.html b/files/templates/login_2fa.html index 7fce5d5e9..7311290a4 100644 --- a/files/templates/login_2fa.html +++ b/files/templates/login_2fa.html @@ -14,7 +14,7 @@ 2-Step Login - {{SITE_NAME}} - + diff --git a/files/templates/settings.html b/files/templates/settings.html index 1b2564b19..de414b787 100644 --- a/files/templates/settings.html +++ b/files/templates/settings.html @@ -34,7 +34,7 @@ - + {% if v.agendaposter %} - + {% else %} - + {% endif %} diff --git a/files/templates/sign_up.html b/files/templates/sign_up.html index 31498bf84..a22e43fa6 100644 --- a/files/templates/sign_up.html +++ b/files/templates/sign_up.html @@ -31,7 +31,7 @@ {% if ref_user %}{{ref_user.username}} invites you to {{SITE_NAME}}{% else %}Sign up - {{SITE_NAME}}{% endif %} - + diff --git a/files/templates/sign_up_failed_ref.html b/files/templates/sign_up_failed_ref.html index 7bc51d1cf..2e545e8e6 100644 --- a/files/templates/sign_up_failed_ref.html +++ b/files/templates/sign_up_failed_ref.html @@ -32,7 +32,7 @@ {% if ref_user %}{{ref_user.username}} invites you to {{SITE_NAME}}{% else %}{{SITE_NAME}}{% endif %} - + diff --git a/files/templates/submit.html b/files/templates/submit.html index c68aa27e5..94ec7b9a5 100644 --- a/files/templates/submit.html +++ b/files/templates/submit.html @@ -26,7 +26,7 @@ {% block stylesheets %} {% if v %} - + {% if v.agendaposter %} - + {% endif %} {% endblock %} @@ -224,7 +224,7 @@ {% endif %} - + {% include "emoji_modal.html" %} diff --git a/files/templates/userpage.html b/files/templates/userpage.html index 3d3c8083b..88a505d1f 100644 --- a/files/templates/userpage.html +++ b/files/templates/userpage.html @@ -769,7 +769,7 @@ {% endif %} - + {% if v and v.id != u.id and '/comments' not in request.path %}