forked from rDrama/rDrama
parent
fe5ffd1bcf
commit
9160a853ec
|
@ -296,9 +296,6 @@ class Comment(Base):
|
|||
if not self.ghost and self.author.show_sig(v):
|
||||
body += f'<section id="signature-{self.author.id}" class="user-signature"><hr>{self.author.sig_html}</section>'
|
||||
|
||||
if v:
|
||||
body = body.replace("!YOU!", v.username)
|
||||
|
||||
return body
|
||||
|
||||
@lazy
|
||||
|
@ -312,9 +309,6 @@ class Comment(Base):
|
|||
|
||||
body = censor_slurs(body, v).replace('<img loading="lazy" data-bs-toggle="tooltip" alt=":marseytrain:" title=":marseytrain:" src="/e/marseytrain.webp">', ':marseytrain:')
|
||||
|
||||
if v:
|
||||
body = body.replace("!YOU!", v.username)
|
||||
|
||||
return body
|
||||
|
||||
@lazy
|
||||
|
|
|
@ -319,9 +319,6 @@ class Submission(Base):
|
|||
if not listing and not self.ghost and self.author.show_sig(v):
|
||||
body += f'<section id="signature-{self.author.id}" class="user-signature"><hr>{self.author.sig_html}</section>'
|
||||
|
||||
if v:
|
||||
body = body.replace("!YOU!", v.username)
|
||||
|
||||
return body
|
||||
|
||||
@lazy
|
||||
|
@ -335,9 +332,6 @@ class Submission(Base):
|
|||
body = censor_slurs(body, v).replace('<img loading="lazy" data-bs-toggle="tooltip" alt=":marseytrain:" title=":marseytrain:" src="/e/marseytrain.webp">', ':marseytrain:')
|
||||
body = normalize_urls_runtime(body, v)
|
||||
|
||||
if v:
|
||||
body = body.replace("!YOU!", v.username)
|
||||
|
||||
return body
|
||||
|
||||
@lazy
|
||||
|
@ -346,9 +340,6 @@ class Submission(Base):
|
|||
|
||||
title = censor_slurs(title, v)
|
||||
|
||||
if v:
|
||||
title = title.replace("!YOU!", v.username)
|
||||
|
||||
return title
|
||||
|
||||
@lazy
|
||||
|
@ -357,9 +348,6 @@ class Submission(Base):
|
|||
|
||||
title = censor_slurs(title, v).replace('<img loading="lazy" data-bs-toggle="tooltip" alt=":marseytrain:" title=":marseytrain:" src="/e/marseytrain.webp">', ':marseytrain:')
|
||||
|
||||
if v:
|
||||
title = title.replace("!YOU!", v.username)
|
||||
|
||||
return title
|
||||
|
||||
@property
|
||||
|
|
|
@ -1019,7 +1019,6 @@ class User(Base):
|
|||
if not cls.can_see(user, other.author): return False
|
||||
if user and user.id == other.author_id: return True
|
||||
if isinstance(other, Submission):
|
||||
if "!YOU!" in other.title and not user: return False
|
||||
if browser != 'webview' and other.author_id == AEVANN_ID and other.title.startswith('[ANDROID]'):
|
||||
return user and user.admin_level >= PERMS['POST_COMMENT_MODERATION']
|
||||
if browser != 'apple' and other.author_id == CARP_ID and other.title.startswith('[APPLE]'):
|
||||
|
|
|
@ -1603,11 +1603,9 @@ def is_site_url(url):
|
|||
|
||||
def is_safe_url(url):
|
||||
domain = tldextract.extract(url)
|
||||
return ((
|
||||
is_site_url(url)
|
||||
or domain.registered_domain in approved_embed_hosts
|
||||
or domain.fqdn in approved_embed_hosts
|
||||
) and '!YOU!' not in url)
|
||||
return (is_site_url(url)
|
||||
or domain.registered_domain in approved_embed_hosts
|
||||
or domain.fqdn in approved_embed_hosts)
|
||||
|
||||
|
||||
hosts = "|".join(approved_embed_hosts).replace('.','\.')
|
||||
|
|
|
@ -61,7 +61,7 @@ def allowed_attributes(tag, name, value):
|
|||
return False
|
||||
|
||||
if tag == 'a':
|
||||
if name == 'href' and '\\' not in value and 'xn--' not in value and '!YOU!' not in value:
|
||||
if name == 'href' and '\\' not in value and 'xn--' not in value:
|
||||
return True
|
||||
if name == 'rel' and value == 'nofollow noopener': return True
|
||||
if name == 'target' and value == '_blank': return True
|
||||
|
|
Loading…
Reference in New Issue