fdfd
parent
f85c0d19ac
commit
301bac93f4
|
@ -39,7 +39,7 @@ def send_pm(vid, user, text):
|
||||||
|
|
||||||
with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text))
|
with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text))
|
||||||
|
|
||||||
text_html = sanitize(text_html)
|
text_html = sanitize(text_html, True)
|
||||||
|
|
||||||
new_comment = Comment(author_id=vid,
|
new_comment = Comment(author_id=vid,
|
||||||
parent_submission=None,
|
parent_submission=None,
|
||||||
|
@ -166,7 +166,7 @@ def send_admin(vid, text):
|
||||||
|
|
||||||
with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text))
|
with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text))
|
||||||
|
|
||||||
text_html = sanitize(text_html)
|
text_html = sanitize(text_html, True)
|
||||||
|
|
||||||
new_comment = Comment(author_id=vid,
|
new_comment = Comment(author_id=vid,
|
||||||
parent_submission=None,
|
parent_submission=None,
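Review bot: The new call `sanitize(text_html, True)` in `send_pm` passes the flag positionally, which hides what `True` means at the call site; write `text_html = sanitize(text_html, noimages=True)` instead. The same applies to the identical change in `send_admin` in the next hunk and in `messagereply`. These three message paths are the only visible callers of the new branch, so a regression test that renders a Markdown image through one of them and asserts the stored HTML contains no `<img>` would pin the intended behaviour. Both functions start and end outside their hunks.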
|
||||||
|
|
|
@ -42,6 +42,39 @@ _allowed_tags = tags = ['b',
|
||||||
'span',
|
'span',
|
||||||
]
|
]
|
||||||
|
|
||||||
|
noimages = ['b',
|
||||||
|
'blockquote',
|
||||||
|
'br',
|
||||||
|
'code',
|
||||||
|
'del',
|
||||||
|
'em',
|
||||||
|
'h1',
|
||||||
|
'h2',
|
||||||
|
'h3',
|
||||||
|
'h4',
|
||||||
|
'h5',
|
||||||
|
'h6',
|
||||||
|
'hr',
|
||||||
|
'i',
|
||||||
|
'li',
|
||||||
|
'ol',
|
||||||
|
'p',
|
||||||
|
'pre',
|
||||||
|
'strong',
|
||||||
|
'sub',
|
||||||
|
'sup',
|
||||||
|
'table',
|
||||||
|
'tbody',
|
||||||
|
'th',
|
||||||
|
'thead',
|
||||||
|
'td',
|
||||||
|
'tr',
|
||||||
|
'ul',
|
||||||
|
'marquee',
|
||||||
|
'a',
|
||||||
|
'span',
|
||||||
|
]
|
||||||
|
|
||||||
_allowed_attributes = {
|
_allowed_attributes = {
|
||||||
'*': ['href', 'style', 'src', 'class', 'title', 'rel', 'data-original-name']
|
'*': ['href', 'style', 'src', 'class', 'title', 'rel', 'data-original-name']
|
||||||
}
|
}
|
||||||
|
@ -84,24 +117,37 @@ def a_modify(attrs, whatever):
|
||||||
return attrs
|
return attrs
|
||||||
|
|
||||||
|
|
||||||
def sanitize(sanitized):
|
def sanitize(sanitized, noimages=False):
|
||||||
|
|
||||||
sanitized = sanitized.replace("\ufeff", "").replace("m.youtube.com", "youtube.com")
|
sanitized = sanitized.replace("\ufeff", "").replace("m.youtube.com", "youtube.com")
|
||||||
|
|
||||||
for i in re.finditer('https://i.imgur.com/(([^_]*?)\.(jpg|png|jpeg))', sanitized):
|
for i in re.finditer('https://i.imgur.com/(([^_]*?)\.(jpg|png|jpeg))', sanitized):
|
||||||
sanitized = sanitized.replace(i.group(1), i.group(2) + "_d." + i.group(3) + "?maxwidth=9999")
|
sanitized = sanitized.replace(i.group(1), i.group(2) + "_d." + i.group(3) + "?maxwidth=9999")
|
||||||
|
|
||||||
sanitized = bleach.Cleaner(tags=_allowed_tags,
|
if noimages:
|
||||||
attributes=_allowed_attributes,
|
sanitized = bleach.Cleaner(tags=noimages,
|
||||||
protocols=_allowed_protocols,
|
attributes=_allowed_attributes,
|
||||||
styles=_allowed_styles,
|
protocols=_allowed_protocols,
|
||||||
filters=[partial(LinkifyFilter,
|
styles=_allowed_styles,
|
||||||
skip_tags=["pre"],
|
filters=[partial(LinkifyFilter,
|
||||||
parse_email=False,
|
skip_tags=["pre"],
|
||||||
callbacks=[a_modify]
|
parse_email=False,
|
||||||
)
|
callbacks=[a_modify]
|
||||||
]
|
)
|
||||||
).clean(sanitized)
|
]
|
||||||
|
).clean(sanitized)
|
||||||
|
else:
|
||||||
|
sanitized = bleach.Cleaner(tags=_allowed_tags,
|
||||||
|
attributes=_allowed_attributes,
|
||||||
|
protocols=_allowed_protocols,
|
||||||
|
styles=_allowed_styles,
|
||||||
|
filters=[partial(LinkifyFilter,
|
||||||
|
skip_tags=["pre"],
|
||||||
|
parse_email=False,
|
||||||
|
callbacks=[a_modify]
|
||||||
|
)
|
||||||
|
]
|
||||||
|
).clean(sanitized)
|
||||||
|
|
||||||
#soupify
|
#soupify
|
||||||
soup = BeautifulSoup(sanitized, features="html.parser")
|
soup = BeautifulSoup(sanitized, features="html.parser")
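Review bot: In the new `sanitize(sanitized, noimages=False)`, the parameter name shadows the module-level `noimages` tag list added in the previous hunk, so `bleach.Cleaner(tags=noimages, ...)` in the `if noimages:` branch receives the boolean `True` rather than the restricted allowlist. Depending on the bleach version this will likely either raise or fail to enforce the intended tag set, so the image-free sanitisation for messages is not applied as written. Rename the list (for example `_noimages_tags`) and select it once with `tags = _noimages_tags if noimages else _allowed_tags`, then keep a single `bleach.Cleaner(tags=tags, ...)` call instead of the two duplicated branches. Note also that `_allowed_attributes` still permits `src` and `style` on every tag; whether `style` can still pull in remote content depends on `_allowed_styles`, which is not visible here. The body of `sanitize` continues past the end of the hunk.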
|
||||||
|
|
|
@ -241,7 +241,7 @@ def messagereply(v):
|
||||||
else: return redirect(f'/notifications?messages=true#comment-{existing.id}')
|
else: return redirect(f'/notifications?messages=true#comment-{existing.id}')
|
||||||
|
|
||||||
with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(message))
|
with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(message))
|
||||||
text_html = sanitize(text_html)
|
text_html = sanitize(text_html, True)
|
||||||
new_comment = Comment(author_id=v.id,
|
new_comment = Comment(author_id=v.id,
|
||||||
parent_submission=None,
|
parent_submission=None,
|
||||||
parent_comment_id=id,
|
parent_comment_id=id,
|
||||||
|
|