From 9590e73b5df50931cdea64862f9ba31cac56b9b3 Mon Sep 17 00:00:00 2001
From: Aevann1
Date: Thu, 24 Feb 2022 11:24:22 +0200
Subject: [PATCH] farin
---
 files/helpers/sanitize.py | 1 +
 files/routes/comments.py | 8 ++++----
 files/routes/users.py | 2 +-
 files/templates/comments.html | 4 ++--
 files/templates/formatting.html | 8 ++++----
 files/templates/gif_modal.html | 2 +-
 6 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py
index 2fa0b86c9..1445e9c5b 100644
--- a/files/helpers/sanitize.py
+++ b/files/helpers/sanitize.py
@@ -177,6 +177,7 @@ def sanitize(sanitized, noimages=False, alert=False, comment=False, edit=False):
 tag["onclick"] = "expandDesktopImage(this.src);"
 tag["data-bs-toggle"] = "modal"
 tag["data-bs-target"] = "#expandImageModal"
+ tag['referrerpolicy'] = "no-referrer"
 for tag in soup.find_all("a"):
 if tag.get("href"):
diff --git a/files/routes/comments.py b/files/routes/comments.py
index 6e87756ee..672c9acfe 100644
--- a/files/routes/comments.py
+++ b/files/routes/comments.py
@@ -223,7 +223,7 @@ def api_comment(v):
 name = badge_def["name"]
 existing = g.db.query(BadgeDef).filter_by(name=name).one_or_none()
- if existing: return {"error": "A badge with this name already exists!"}
+ if existing: return {"error": "A badge with this name already exists!"}, 403
 badge = BadgeDef(name=name, description=badge_def["description"])
 g.db.add(badge)
@@ -243,7 +243,7 @@ def api_comment(v):
 else: abort(400)
 existing = g.db.query(Marsey.name).filter_by(name=name).one_or_none()
- if existing: return {"error": "A marsey with this name already exists!"}
+ if existing: return {"error": "A marsey with this name already exists!"}, 403
 marsey = Marsey(name=marsey["name"], author_id=author_id, tags=marsey["tags"], count=0)
 g.db.add(marsey)
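Review bot: The added `tag['referrerpolicy'] = "no-referrer"` sits with the modal attributes, and the loop and any condition around these lines start outside the hunk, so it is not visible whether every `img` the sanitizer emits gets the policy or only the ones that reach this branch. Any image that skips this block would still send the page URL to the third-party image host; setting the attribute at the top of the `img` loop, or sending a site-wide `Referrer-Policy` response header, would cover those as well. The new line also uses single quotes for the key where its neighbours use double quotes; `tag["referrerpolicy"] = "no-referrer"` would match them.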
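Review bot: `403` is a misleading status for the duplicate-name case in `if existing: return {"error": "A badge with this name already exists!"}, 403`, because 403 signals an authorization failure while a name collision is a conflict. Returning `409` instead (`if existing: return {"error": "A badge with this name already exists!"}, 409`) lets clients and log-based alerting tell the two apart; the same applies to the marsey check in the next hunk. The `one_or_none()` lookup followed by `g.db.add(...)` is also not atomic, so uniqueness should rest on a database constraint rather than on this query; whether one exists is not visible here. The body of api_comment continues outside both hunks.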
@@ -684,7 +684,7 @@ def api_comment(v):
 g.db.commit()
 if request.headers.get("Authorization"): return c.json
- return render_template("comments.html", v=v, comments=[c], ajax=True)
+ return {"comment": c.body_html}
@@ -897,7 +897,7 @@ def edit_comment(cid, v):
 g.db.commit()
- return c.realbody(v)
+ return {"comment": c.realbody(v)}
 @app.post("/delete/comment/")
diff --git a/files/routes/users.py b/files/routes/users.py
index bf8a09ade..94ca41d1d 100644
--- a/files/routes/users.py
+++ b/files/routes/users.py
@@ -595,7 +595,7 @@ def messagereply(v):
 g.db.add(notif)
 g.db.commit()
- return render_template("comments.html", v=v, comments=[new_comment], ajax=True)
+ return {"comment": render_template("comments.html", v=v, comments=[new_comment], ajax=True)}
 @app.get("/2faqr/")
 @auth_required
diff --git a/files/templates/comments.html b/files/templates/comments.html
index bd3d2249e..85b9cff5e 100644
--- a/files/templates/comments.html
+++ b/files/templates/comments.html
@@ -147,7 +147,7 @@ {% endif %}
-{% if c.sentto and c.level > 1 %}
+{% if c.parent_comment and c.parent_comment.sentto %}
 {% set isreply = True %} {% else %} {% set isreply = False %}
@@ -871,7 +871,7 @@ {% if v %}
-
+
 {% endif %}
diff --git a/files/templates/formatting.html b/files/templates/formatting.html
index b4f5f2240..1cad5c728 100644
--- a/files/templates/formatting.html
+++ b/files/templates/formatting.html
@@ -54,7 +54,7 @@ You can use Markdown formatting: Images https://i.imgur.com/Lf6dfPO.jpg
- example image
+ example image
 Youtube Videos
@@ -64,7 +64,7 @@ You can use Markdown formatting: Video Files https://files.catbox.moe/v4om92.mp4
-
+
 Emojis
@@ -465,10 +465,10 @@ line breaks Images
- <img src="https://i.imgur.com/SwVuagI_d.webp" width="200">
+ <img referrerpolicy="no-referrer" src="https://i.imgur.com/SwVuagI_d.webp" width="200">
- example image
+ example image
diff --git a/files/templates/gif_modal.html b/files/templates/gif_modal.html
index 321a47cf5..f0683b42c 100644
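Review bot: `return {"comment": c.body_html}` in api_comment returns the stored HTML, whereas edit_comment in the next hunk returns `c.realbody(v)` and messagereply in users.py puts the fully rendered `comments.html` under the same `"comment"` key. If `realbody(v)` applies viewer-specific processing (its definition is not in this diff), a freshly posted comment skips that processing until the page is reloaded; `return {"comment": c.realbody(v)}` would keep the two comment paths consistent. The client presumably inserts this value into the DOM, so it must remain the output of `sanitize()` and never the raw body; a short comment next to the return stating that would help the next maintainer. All three functions continue outside their hunks.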
--- a/files/templates/gif_modal.html
+++ b/files/templates/gif_modal.html
@@ -26,4 +26,4 @@
-
\ No newline at end of file
+
\ No newline at end of file