diff --git a/files/classes/submission.py b/files/classes/submission.py index cedb8594c1..d24081541e 100644 --- a/files/classes/submission.py +++ b/files/classes/submission.py @@ -478,7 +478,7 @@ class Submission(Base): @property @lazy def is_image(self): - if self.url and (self.url.lower().endswith('.webp') or self.url.lower().endswith('.jpg') or self.url.lower().endswith('.png') or self.url.lower().endswith('.gif') or self.url.lower().endswith('.jpeg') or self.url.lower().endswith('?maxwidth=9999') or self.url.lower().endswith('&fidelity=high')) and embed_check_regex.fullmatch(self.url): + if self.url and (self.url.lower().endswith('.webp') or self.url.lower().endswith('.jpg') or self.url.lower().endswith('.png') or self.url.lower().endswith('.gif') or self.url.lower().endswith('.jpeg') or self.url.lower().endswith('?maxwidth=9999') or self.url.lower().endswith('&fidelity=high')) and (self.url.startswith('/') or self.url.startswith(f'{SITE_FULL}/') or embed_check_regex.fullmatch(self.url)): return True return False diff --git a/files/helpers/const.py b/files/helpers/const.py index 64792560f4..023017348d 100644 --- a/files/helpers/const.py +++ b/files/helpers/const.py @@ -810,8 +810,8 @@ approved_embed_hosts = [ hosts = "|".join(approved_embed_hosts).replace('.','\.') -image_check_regex = re.compile(f'!\[\]\(((?!(https:\/\/([a-z0-9-]+\.)*({hosts}))?\/).*?)\)', flags=re.A) +image_check_regex = re.compile(f'!\[\]\(((?!(https:\/\/([a-z0-9-]+\.)*({hosts})\/|\/images\/)).*?)\)', flags=re.A) -embed_check_regex = regex.compile(f'(?)(https:\/\/([a-z0-9-]+\.)*({hosts}))?\/[\w:~,()\-.#&\/=?@%;+]*', flags=regex.A) +embed_check_regex = regex.compile(f'(?)https:\/\/([a-z0-9-]+\.)*({hosts})\/[\w:~,()\-.#&\/=?@%;+]*', flags=regex.A) -video_regex = regex.compile(f'((?)(https:\/\/([a-z0-9-]+\.)*({hosts}))?\/[\w:~,()\-.#&\/=?@%;+]*?\.(mp4|webm|mov))', flags=regex.A) \ No newline at end of file +video_regex = regex.compile(f'((?)https:\/\/([a-z0-9-]+\.)*({hosts})\/[\w:~,()\-.#&\/=?@%;+]*?\.(mp4|webm|mov))', flags=regex.A) \ No newline at end of file diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 2502f54038..a251b6426b 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -37,7 +37,7 @@ def allowed_attributes(tag, name, value): if tag == 'img': if name in ['src','data-src']: - if embed_check_regex.fullmatch(value): return True + if value.startswith('/') or value.startswith(f'{SITE_FULL}/') or embed_check_regex.fullmatch(value): return True else: return False if name == 'loading' and value == 'lazy': return True