From 8df3135ad0f53b0d76450733977922756fadcfb1 Mon Sep 17 00:00:00 2001
From: Aevann
Date: Sun, 14 May 2023 19:45:58 +0300
Subject: [PATCH] disallow 2 possible bypasses i thought of on bed
---
 files/helpers/sanitize.py | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py
index fd7fe2603..9014f7d48 100644
--- a/files/helpers/sanitize.py
+++ b/files/helpers/sanitize.py
@@ -532,6 +532,16 @@ def sanitize(sanitized, golden=True, limit_pings=0, showmore=True, count_emojis=
 unlinkfy()
 continue
+ #don't allow something like this [@Aevann2](https://iplogger.org/1fRKk7)
+ if str(link.string).startswith('@') and not href.startswith('/'):
+ unlinkfy()
+ continue
+
+ #don't allow something like this [!jannies](https://iplogger.org/1fRKk7)
+ if str(link.string).startswith('!') and not href.startswith('/'):
+ unlinkfy()
+ continue
+
 #don't allow something like this [https://rԁrama.net/leaderboard](https://iplogger.org/1fRKk7)
 if not snappy and tldextract.extract(str(link.string)).registered_domain:
 link.string = href
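Review bot: Both new checks treat any href beginning with `/` as a safe local link, but a protocol-relative URL such as `//iplogger.org/1fRKk7` also starts with `/`, so `[@Aevann2](//iplogger.org/1fRKk7)` still passes unless href has already been normalised earlier in sanitize(), which starts outside this hunk. The two checks are also identical apart from the prefix and could be one guard: `if str(link.string).startswith(('@', '!')) and (not href.startswith('/') or href.startswith('//')):`. Separately, if `link` is a BeautifulSoup tag then `link.string` is None whenever the anchor has more than one child (e.g. `[@**Aevann2**](...)`), and `str(None)` never starts with `@` or `!`; `link.get_text()` would see the rendered text instead, and a leading `.lstrip()` would also cover `[ @Aevann2](...)`. A short comment on the guard naming the protocol-relative case, e.g. `# '//' is still an external URL`, would stop the next reader from reintroducing the `/` shortcut.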