From 3ce86d1408ea2df820486c5018c8b43a88dde426 Mon Sep 17 00:00:00 2001 From: Aevann Date: Sun, 22 Oct 2023 23:04:39 +0300 Subject: [PATCH] truncate Approved Media Hosts in /formatting --- files/helpers/config/const.py | 6 ++++++ files/routes/static.py | 2 +- files/templates/formatting.html | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/files/helpers/config/const.py b/files/helpers/config/const.py index e68ee4ce5..71ac4e15c 100644 --- a/files/helpers/config/const.py +++ b/files/helpers/config/const.py @@ -889,6 +889,12 @@ approved_embed_hosts = [ 'i.ytimg.com/vi', ] +approved_embed_hosts_domains = [] +for h in approved_embed_hosts: + domain = tldextract.extract(h).registered_domain + if domain not in approved_embed_hosts_domains: + approved_embed_hosts_domains.append(domain) + if SITE_IMAGES not in approved_embed_hosts: approved_embed_hosts = [SITE_IMAGES] + approved_embed_hosts diff --git a/files/routes/static.py b/files/routes/static.py index 6d00decbf..b57672308 100644 --- a/files/routes/static.py +++ b/files/routes/static.py @@ -376,7 +376,7 @@ def mutes(v): @limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID) @auth_required def formatting(v): - return render_template("formatting.html", v=v, allowed_tags=allowed_tags, allowed_styles=allowed_styles) + return render_template("formatting.html", v=v, allowed_tags=allowed_tags, allowed_styles=allowed_styles, approved_embed_hosts_domains=approved_embed_hosts_domains) @app.get("/app") @limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400) diff --git a/files/templates/formatting.html b/files/templates/formatting.html index 748b9c25d..8c2af5ca7 100644 --- a/files/templates/formatting.html +++ b/files/templates/formatting.html @@ -456,7 +456,7 @@ And we allow custom HTML in most places: Image files, video files, and audio files from these sources will get embedded automatically: