From 6a7fc72e7cd4ef9c78e3fc4871f8486a3c682f68 Mon Sep 17 00:00:00 2001
From: Aevann
Date: Fri, 5 May 2023 03:07:25 +0300
Subject: [PATCH] disable browser-killing exploit
---
 files/helpers/sanitize.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py
index 9048ba7b1..c6702335b 100644
--- a/files/helpers/sanitize.py
+++ b/files/helpers/sanitize.py
@@ -354,6 +354,10 @@ def sanitize(sanitized, golden=True, limit_pings=0, showmore=True, count_emojis=
 sanitized = sanitized.strip()
 if not sanitized: return ''
+ if "style" in sanitized and "filter" in sanitized:
+ if sanitized.count("blur(") + sanitized.count("drop-shadow(") > 5:
+ abort(400, "Too many filters!")
+
+ if blackjack and execute_blackjack(g.v, None, sanitized, blackjack):
 sanitized = 'g'
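Review bot: The new filter guard in `sanitize()` counts `blur(` and `drop-shadow(` as case-sensitive substrings of the raw, unparsed input, while browsers match CSS property and function names case-insensitively, so the limit does not cover every spelling the renderer accepts. At minimum compare on a case-folded copy, e.g. `lowered = sanitized.lower()` followed by `if lowered.count("blur(") + lowered.count("drop-shadow(") > 5:`. A more robust place for the limit is wherever `style` attribute values are validated after HTML parsing, if such a stage exists; the body of `sanitize()` continues outside the hunk, so that is not visible here. The threshold `5` would also read better as a named constant with a comment saying why that value was chosen.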