From e5307676450e1d7d9ee54513ac2ba4e26145c010 Mon Sep 17 00:00:00 2001 From: Aevann Date: Sun, 24 Sep 2023 22:25:57 +0300 Subject: [PATCH] dedup --- files/helpers/sanitize.py | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 3ed11a8a5..5434f54d1 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -604,36 +604,32 @@ def sanitize(sanitized, golden=True, limit_pings=0, showmore=False, count_emojis link.string = link["href"] href = link["href"] - def unlinkfy(): + def unlinkfy_and_continue(): link.string = href del link["href"] + continue #\ in href right after / makes most browsers ditch site hostname and allows for a host injection bypassing the check, see cool if "\\" in href: - unlinkfy() - continue + unlinkfy_and_continue() #don't allow something like this https://rdrama.net/post/78376/reminder-of-the-fact-that-our/2150032#context domain = tldextract.extract(href).registered_domain if domain and not allowed_domain_regex.fullmatch(domain): - unlinkfy() - continue + unlinkfy_and_continue() #check for banned domain combined = (domain + urlparse(href).path).lower() if any((combined.startswith(x) for x in banned_domains)): - unlinkfy() - continue + unlinkfy_and_continue() #don't allow something like this [@Aevann2](https://iplogger.org/1fRKk7) if str(link.string).startswith('@') and not href.startswith('/'): - unlinkfy() - continue + unlinkfy_and_continue() #don't allow something like this [!jannies](https://iplogger.org/1fRKk7) if str(link.string).startswith('!') and not href.startswith('/'): - unlinkfy() - continue + unlinkfy_and_continue() #don't allow something like this [https://rԁrama.net/leaderboard](https://iplogger.org/1fRKk7) if not snappy and not post_mention_notif: