diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py
index 42caf6da1d..71424df5b1 100644
--- a/files/helpers/sanitize.py
+++ b/files/helpers/sanitize.py
@@ -49,14 +49,9 @@ TLDS = ( # Original gTLDs and ccTLDs
 'red','city','quest','works' )
-allowed_tags = (
- 'b','blockquote','br','code','del','em','h1','h2','h3','h4','h5','h6','hr','i',
- 'li','ol','p','pre','strong','sub','sup','table','tbody','th','thead','td','tr','ul',
- 'marquee','a','span','ruby','rp','rt','spoiler','img','lite-youtube','video','audio','g','u','small',
- 'strike','center','details','summary',
- )
+allowed_tags = ('a','audio','b','blockquote','br','center','code','del','details','em','g','h1','h2','h3','h4','h5','h6','hr','i','img','li','lite-youtube','marquee','ol','p','pre','rp','rt','ruby','small','span','spoiler','strike','strong','sub','summary','sup','table','tbody','td','th','thead','tr','u','ul','video')
-allowed_styles = ['color', 'background-color', 'font-weight', 'text-align']
+allowed_styles = ['background-color', 'color', 'filter', 'font-weight', 'text-align']
 def allowed_attributes(tag, name, value):
@@ -508,10 +503,9 @@ def sanitize(sanitized, golden=True, limit_pings=0, showmore=False, count_emojis
 sanitized = sanitized.replace('
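Review bot: The new `allowed_styles` list carries `'filter'` unconditionally, but sanitize() in the second hunk removes it again for chud users and formatting() in files/routes/static.py passes this same unfiltered list to the template, so the formatting page will overstate the allowed styles for those users. A comment on the definition would keep the three places from drifting: `# 'filter' is stripped per-user in sanitize(); the formatting template receives the full list`. Since the CSS `filter` property also accepts `url()` references, it is worth confirming that the CSSSanitizer built from this list rejects function-valued tokens for it rather than passing the declaration through; the hunk does not show how values are handled.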
', '')
+ allowed_css_properties = allowed_styles.copy()
 if g.v and g.v.chud:
- allowed_css_properties = allowed_styles
- else:
- allowed_css_properties = allowed_styles + ["filter"]
+ allowed_css_properties.remove('filter')
 css_sanitizer = CSSSanitizer(allowed_css_properties=allowed_css_properties)
 sanitized = bleach.Cleaner(tags=allowed_tags,
diff --git a/files/routes/static.py b/files/routes/static.py
index 8f8be2a3df..d941abfbcd 100644
--- a/files/routes/static.py
+++ b/files/routes/static.py
@@ -358,7 +358,7 @@ def blocks(v):
 @limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
 @auth_required
 def formatting(v):
- return render_template("formatting.html", v=v)
+ return render_template("formatting.html", v=v, allowed_tags=allowed_tags, allowed_styles=allowed_styles)
 @app.get("/app")
 @limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
diff --git a/files/templates/formatting.html b/files/templates/formatting.html
index 8924e38021..2147b089b4 100644
--- a/files/templates/formatting.html
+++ b/files/templates/formatting.html
@@ -5,7 +5,7 @@Name | 
@@ -286,395 +286,40 @@ Text 2
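Review bot: `allowed_css_properties.remove('filter')` raises ValueError if `'filter'` is ever dropped from the module-level `allowed_styles`, so a later edit to that list would turn every chud user's sanitize() call into a hard failure rather than a merely missing style. Filtering instead of removing keeps the two definitions independent: `if g.v and g.v.chud:` / `allowed_css_properties = [s for s in allowed_css_properties if s != 'filter']`. The enclosing sanitize() starts before this hunk and continues after it.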
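Review bot: The new `render_template` call references `allowed_tags` and `allowed_styles`, but the hunk does not show where files/routes/static.py brings those names into scope; if the module does not already import them from the sanitizer helper, formatting() will raise NameError on its first request. A short comment on the changed line, `# expose the allow lists enforced by sanitize() so the help page cannot drift from them`, would explain why a route module now depends on the sanitizer's configuration.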
---|
Name | -What you type | -What gets displayed | -|||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Span | -- My mother has <span style="color:blue">blue</span> eyes. - | -- My mother has blue eyes. - | -|||||||||
Bold | -This will be <b>bold</b> | -- This will be bold - | -|||||||||
Blockquote | -- <blockquote>This is a blockquote</blockquote> - | -
- - This is a blockquote -- |
- |||||||||
Greentext | ->text | -||||||||||
Line Break | -
- -Line 1 -<br> -Line 2 -- |
-
- Line 1
- - Line 2 - |
- |||||||||
Code | -- <code>This is code</code> - | -
- This is code
- |
- |||||||||
Strikethrough | -- The last word will have a <del>strikethrough</del> - | -
- The last word will have a |
- |||||||||
Emphasis | -- We <em>cannot</em> live like this. - | -- We cannot live like this. - | -|||||||||
Headings | -
- -<h1>This is heading 1</h1> -<h2>This is heading 2</h2> -<h3>This is heading 3</h3> -<h4>This is heading 4</h4> -<h5>This is heading 5</h5> -<h6>This is heading 6</h6> -- |
-
- This is heading 1-This is heading 2-This is heading 3-This is heading 4-This is heading 5-This is heading 6- |
- |||||||||
Horizontal Rule | -
- -Text 1 -<hr> -Text 2 -- |
-
- Text 1
- - Text 2 - |
- |||||||||
Italics | -- <i>This</i> is how you get italics. - | -- This is how you get italics. - | -|||||||||
Lists | -
- -<ul> - <li>Bullet 1</li> - <li>Bullet 2</li> -</ul> -<ol> - <li>Number 1</li> - <li>Number 2</li> -</ol> -- |
-
-
|
- |||||||||
Paragraphs | -
- -<p>Paragraph 1</p> -<p>Paragraph 2</p> -- |
-
- Paragraph 1 -Paragraph 2 - |
- |||||||||
Preformatted Text | --<pre> - Text in a pre element - is displayed in a fixed-width - font, and it preserves - both spaces and - line breaks -</pre> - |
-
- -Text in a pre element -is displayed in a fixed-width -font, and it preserves -both spaces and -line breaks -- |
- |||||||||
Strong | -- <strong>This text is important!</strong> - | -- This text is important! - | -|||||||||
Subscript | -- This text contains <sub>subscript</sub> text. - | -- This text contains subscript text. - | -|||||||||
Superscript | -- E = mc<sup>2</sup> - | -- E = mc2 - | -|||||||||
Tables | --<table> - <thead> - <tr> - <td>Col 1</td> - <td>Col 2</td> - <td>Col 3</td> - </tr> - </thead> - <tbody> - <tr> - <td>1</td> - <td>2</td> - <td>3</td> - </tr> - <tr> - <td>4</td> - <td>5</td> - <td>6</td> - </tr> - </tbody> -</table>- |
-
-
|
- |||||||||
Marquee | -- <marquee direction="up" behavior="scroll" scrollamount="10" height="250"> - This is a sample scrolling text that has scrolls in the upper direction. - </marquee> - | -- - | -|||||||||
Links | -- This is a <a href='https://www.w3schools.com/tags/tag_a.asp'>link</a> - | -- This is a link - | -|||||||||
Images | -- <img src="https://i.imgur.com/SwVuagI_d.webp" width="200"> - | -- - | -|||||||||
Underlined Text | -- <u>fart</u> - | -- fart - | -
Name | -
---|
href | -
style | -
src | -
class | -
title | -
direction | -
behavior | -
scrollamount | -
Name | -
---|
color | -
background-color | -
font-weight | -
text-align | -
Host | -
---|
{{host}} | -