remotes/1693045480750635534/spooky-22
Aevann1 2021-08-31 23:54:34 +02:00
parent f85c0d19ac
commit 301bac93f4
3 changed files with 61 additions and 15 deletions


@ -39,7 +39,7 @@ def send_pm(vid, user, text):
with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text)) with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text))
text_html = sanitize(text_html) text_html = sanitize(text_html, True)
new_comment = Comment(author_id=vid, new_comment = Comment(author_id=vid,
parent_submission=None, parent_submission=None,
@ -166,7 +166,7 @@ def send_admin(vid, text):
with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text)) with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text))
text_html = sanitize(text_html) text_html = sanitize(text_html, True)
new_comment = Comment(author_id=vid, new_comment = Comment(author_id=vid,
parent_submission=None, parent_submission=None,
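Review bot: The bare positional `True` in `sanitize(text_html, True)` does not say what it switches on, yet this argument decides which tag allowlist a private message is cleaned with. Pass it by name, `text_html = sanitize(text_html, noimages=True)`, here in `send_pm`, in `send_admin` below, and in `messagereply` in the third file. Both functions in this file extend beyond the lines shown.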


@ -42,6 +42,39 @@ _allowed_tags = tags = ['b',
'span', 'span',
] ]
noimages = ['b',
'blockquote',
'br',
'code',
'del',
'em',
'h1',
'h2',
'h3',
'h4',
'h5',
'h6',
'hr',
'i',
'li',
'ol',
'p',
'pre',
'strong',
'sub',
'sup',
'table',
'tbody',
'th',
'thead',
'td',
'tr',
'ul',
'marquee',
'a',
'span',
]
_allowed_attributes = { _allowed_attributes = {
'*': ['href', 'style', 'src', 'class', 'title', 'rel', 'data-original-name'] '*': ['href', 'style', 'src', 'class', 'title', 'rel', 'data-original-name']
} }
@ -84,24 +117,37 @@ def a_modify(attrs, whatever):
return attrs return attrs
def sanitize(sanitized): def sanitize(sanitized, noimages=False):
sanitized = sanitized.replace("\ufeff", "").replace("m.youtube.com", "youtube.com") sanitized = sanitized.replace("\ufeff", "").replace("m.youtube.com", "youtube.com")
for i in re.finditer('https://i.imgur.com/(([^_]*?)\.(jpg|png|jpeg))', sanitized): for i in re.finditer('https://i.imgur.com/(([^_]*?)\.(jpg|png|jpeg))', sanitized):
sanitized = sanitized.replace(i.group(1), i.group(2) + "_d." + i.group(3) + "?maxwidth=9999") sanitized = sanitized.replace(i.group(1), i.group(2) + "_d." + i.group(3) + "?maxwidth=9999")
sanitized = bleach.Cleaner(tags=_allowed_tags, if noimages:
attributes=_allowed_attributes, sanitized = bleach.Cleaner(tags=noimages,
protocols=_allowed_protocols, attributes=_allowed_attributes,
styles=_allowed_styles, protocols=_allowed_protocols,
filters=[partial(LinkifyFilter, styles=_allowed_styles,
skip_tags=["pre"], filters=[partial(LinkifyFilter,
parse_email=False, skip_tags=["pre"],
callbacks=[a_modify] parse_email=False,
) callbacks=[a_modify]
] )
).clean(sanitized) ]
).clean(sanitized)
else:
sanitized = bleach.Cleaner(tags=_allowed_tags,
attributes=_allowed_attributes,
protocols=_allowed_protocols,
styles=_allowed_styles,
filters=[partial(LinkifyFilter,
skip_tags=["pre"],
parse_email=False,
callbacks=[a_modify]
)
]
).clean(sanitized)
#soupify #soupify
soup = BeautifulSoup(sanitized, features="html.parser") soup = BeautifulSoup(sanitized, features="html.parser")
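Review bot: The new `noimages` parameter of `sanitize` shadows the module-level `noimages` tag list added above it, so in the `if noimages:` branch `bleach.Cleaner(tags=noimages, ...)` receives the boolean `True` rather than the image-free list. Depending on the bleach version this likely raises when the tag set is consulted, or otherwise fails to apply the intended restriction, so the message paths are not cleaned against the restricted list. Rename the list (for example `_noimage_tags`) and select it once with `tags = _noimage_tags if noimages else _allowed_tags`, which also removes the duplicated `Cleaner(...)` call. Separately, `_allowed_attributes` still permits `src` and `style` on every tag in both modes; whether `style` can pull in remote content depends on `_allowed_styles`, which is not visible here. `sanitize` continues past the end of this hunk.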


@ -241,7 +241,7 @@ def messagereply(v):
else: return redirect(f'/notifications?messages=true#comment-{existing.id}') else: return redirect(f'/notifications?messages=true#comment-{existing.id}')
with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(message)) with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(message))
text_html = sanitize(text_html) text_html = sanitize(text_html, True)
new_comment = Comment(author_id=v.id, new_comment = Comment(author_id=v.id,
parent_submission=None, parent_submission=None,
parent_comment_id=id, parent_comment_id=id,