carpathianflorist
/
MarseyWorld
forked from MarseyWorld/MarseyWorld
1
0
Fork 0
Code Pull Requests Activity

dedup

master
Aevann 2023-09-24 22:25:57 +03:00
parent e23b528049
commit e530767645
1 changed files with 7 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
files/helpers/sanitize.py
View File

@ -604,36 +604,32 @@ def sanitize(sanitized, golden=True, limit_pings=0, showmore=False, count_emojis
link.string = link["href"] link.string = link["href"]
href = link["href"] href = link["href"]
def unlinkfy(): def unlinkfy_and_continue():
link.string = href link.string = href
del link["href"] del link["href"]
continue
#\ in href right after / makes most browsers ditch site hostname and allows for a host injection bypassing the check, see <a href="/\google.com">cool</a> #\ in href right after / makes most browsers ditch site hostname and allows for a host injection bypassing the check, see <a href="/\google.com">cool</a>
if "\\" in href: if "\\" in href:
unlinkfy() unlinkfy_and_continue()
continue
#don't allow something like this https://rdrama.net/post/78376/reminder-of-the-fact-that-our/2150032#context #don't allow something like this https://rdrama.net/post/78376/reminder-of-the-fact-that-our/2150032#context
domain = tldextract.extract(href).registered_domain domain = tldextract.extract(href).registered_domain
if domain and not allowed_domain_regex.fullmatch(domain): if domain and not allowed_domain_regex.fullmatch(domain):
unlinkfy() unlinkfy_and_continue()
continue
#check for banned domain #check for banned domain
combined = (domain + urlparse(href).path).lower() combined = (domain + urlparse(href).path).lower()
if any((combined.startswith(x) for x in banned_domains)): if any((combined.startswith(x) for x in banned_domains)):
unlinkfy() unlinkfy_and_continue()
continue
#don't allow something like this [@Aevann2](https://iplogger.org/1fRKk7) #don't allow something like this [@Aevann2](https://iplogger.org/1fRKk7)
if str(link.string).startswith('@') and not href.startswith('/'): if str(link.string).startswith('@') and not href.startswith('/'):
unlinkfy() unlinkfy_and_continue()
continue
#don't allow something like this [!jannies](https://iplogger.org/1fRKk7) #don't allow something like this [!jannies](https://iplogger.org/1fRKk7)
if str(link.string).startswith('!') and not href.startswith('/'): if str(link.string).startswith('!') and not href.startswith('/'):
unlinkfy() unlinkfy_and_continue()
continue
#don't allow something like this [https://rԁrama.net/leaderboard](https://iplogger.org/1fRKk7) #don't allow something like this [https://rԁrama.net/leaderboard](https://iplogger.org/1fRKk7)
if not snappy and not post_mention_notif: if not snappy and not post_mention_notif: