master
Aevann1 2022-02-24 11:24:22 +02:00
parent 9430eac030
commit 9590e73b5d
6 changed files with 13 additions and 12 deletions

View File

@ -177,6 +177,7 @@ def sanitize(sanitized, noimages=False, alert=False, comment=False, edit=False):
tag["onclick"] = "expandDesktopImage(this.src);" tag["onclick"] = "expandDesktopImage(this.src);"
tag["data-bs-toggle"] = "modal" tag["data-bs-toggle"] = "modal"
tag["data-bs-target"] = "#expandImageModal" tag["data-bs-target"] = "#expandImageModal"
tag['referrerpolicy'] = "no-referrer"
for tag in soup.find_all("a"): for tag in soup.find_all("a"):
if tag.get("href"): if tag.get("href"):

View File

@ -223,7 +223,7 @@ def api_comment(v):
name = badge_def["name"] name = badge_def["name"]
existing = g.db.query(BadgeDef).filter_by(name=name).one_or_none() existing = g.db.query(BadgeDef).filter_by(name=name).one_or_none()
if existing: return {"error": "A badge with this name already exists!"} if existing: return {"error": "A badge with this name already exists!"}, 403
badge = BadgeDef(name=name, description=badge_def["description"]) badge = BadgeDef(name=name, description=badge_def["description"])
g.db.add(badge) g.db.add(badge)
@ -243,7 +243,7 @@ def api_comment(v):
else: abort(400) else: abort(400)
existing = g.db.query(Marsey.name).filter_by(name=name).one_or_none() existing = g.db.query(Marsey.name).filter_by(name=name).one_or_none()
if existing: return {"error": "A marsey with this name already exists!"} if existing: return {"error": "A marsey with this name already exists!"}, 403
marsey = Marsey(name=marsey["name"], author_id=author_id, tags=marsey["tags"], count=0) marsey = Marsey(name=marsey["name"], author_id=author_id, tags=marsey["tags"], count=0)
g.db.add(marsey) g.db.add(marsey)
@ -684,7 +684,7 @@ def api_comment(v):
g.db.commit() g.db.commit()
if request.headers.get("Authorization"): return c.json if request.headers.get("Authorization"): return c.json
return render_template("comments.html", v=v, comments=[c], ajax=True) return {"comment": c.body_html}
@ -897,7 +897,7 @@ def edit_comment(cid, v):
g.db.commit() g.db.commit()
return c.realbody(v) return {"comment": c.realbody(v)}
@app.post("/delete/comment/<cid>") @app.post("/delete/comment/<cid>")

View File

@ -595,7 +595,7 @@ def messagereply(v):
g.db.add(notif) g.db.add(notif)
g.db.commit() g.db.commit()
return render_template("comments.html", v=v, comments=[new_comment], ajax=True) return {"comment": render_template("comments.html", v=v, comments=[new_comment], ajax=True)}
@app.get("/2faqr/<secret>") @app.get("/2faqr/<secret>")
@auth_required @auth_required

View File

@ -147,7 +147,7 @@
</div> </div>
{% endif %} {% endif %}
{% if c.sentto and c.level > 1 %} {% if c.parent_comment and c.parent_comment.sentto %}
{% set isreply = True %} {% set isreply = True %}
{% else %} {% else %}
{% set isreply = False %} {% set isreply = False %}
@ -871,7 +871,7 @@
{% if v %} {% if v %}
<script src="/static/assets/js/marked.js?a=242"></script> <script src="/static/assets/js/marked.js?a=242"></script>
<script src="/static/assets/js/comments_v.js?a=257"></script> <script src="/static/assets/js/comments_v.js?a=259"></script>
{% endif %} {% endif %}
<script src="/static/assets/js/clipboard.js?a=250"></script> <script src="/static/assets/js/clipboard.js?a=250"></script>

View File

@ -54,7 +54,7 @@ You can use Markdown formatting:
<tr> <tr>
<td>Images</td> <td>Images</td>
<td>https://i.imgur.com/Lf6dfPO.jpg</td> <td>https://i.imgur.com/Lf6dfPO.jpg</td>
<td><img loading="lazy" alt="example image" src="https://i.imgur.com/Lf6dfPO.jpg"></td> <td><img loading="lazy" alt="example image" referrerpolicy="no-referrer" src="https://i.imgur.com/Lf6dfPO.jpg"></td>
</tr> </tr>
<tr> <tr>
<td>Youtube Videos</td> <td>Youtube Videos</td>
@ -64,7 +64,7 @@ You can use Markdown formatting:
<tr> <tr>
<td>Video Files</td> <td>Video Files</td>
<td>https://files.catbox.moe/v4om92.mp4</td> <td>https://files.catbox.moe/v4om92.mp4</td>
<td><video controls preload="none" class="embedvid"><source src="https://files.catbox.moe/v4om92.mp4" type="video/mp4"></video></td> <td><video controls preload="none" class="embedvid"><source referrerpolicy="no-referrer" src="https://files.catbox.moe/v4om92.mp4" type="video/mp4"></video></td>
</tr> </tr>
<tr> <tr>
<td>Emojis</td> <td>Emojis</td>
@ -465,10 +465,10 @@ line breaks
<tr> <tr>
<td>Images</td> <td>Images</td>
<td> <td>
&lt;img src="https://i.imgur.com/SwVuagI_d.webp" width="200"&gt; &lt;img referrerpolicy="no-referrer" src="https://i.imgur.com/SwVuagI_d.webp" width="200"&gt;
</td> </td>
<td> <td>
<img loading="lazy" alt="example image" src="https://i.imgur.com/SwVuagI_d.webp" width="200"> <img loading="lazy" alt="example image" referrerpolicy="no-referrer" src="https://i.imgur.com/SwVuagI_d.webp" width="200">
</td> </td>
</tr> </tr>
</tbody> </tbody>

View File

@ -26,4 +26,4 @@
</div> </div>
</div> </div>
<script src="/static/assets/js/gif_modal.js?a=242"></script> <script src="/static/assets/js/gif_modal.js?a=243"></script>