rDrama
/
rDrama
9
10
Fork 7
Code Issues Pull Requests Packages Releases Wiki Activity

allow css transform

pull/199/head
transbitch 2023-09-10 14:26:09 -04:00
parent 5c04a2e4e7
commit 48396d9d20
3 changed files with 34 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
files/assets/css/main.css
View File

@ -7740,3 +7740,8 @@ body {
resize: none !important;
}
}
.transformed-img {
display: inline-flex;
overflow: hidden;
}

10
files/helpers/regex.py
View File

@ -127,7 +127,15 @@ twitch_regex = re.compile('(https:\/\/)?(www\.)?twitch.tv\/(.*)', flags=re.I|re.
link_fix_regex = re.compile("(\[.*?\]\()(?!http|\/)(.*?\))" + NOT_IN_CODE_OR_LINKS, flags=re.A)
css_url_regex = re.compile('url\([\'"]?((.|\n)*?)[);}$]', flags=re.I|re.A) # AEVANN, DO NOT TOUCH THIS, IT WENT THROUGH A MILLION ITERATIONS, IT'S PERFECT NOW
css_url_regex = re.compile('url\([\'"]?((.|\n)*?)[);}$]', flags=re.I|re.A) # AEVANN, DO NOT TOUCH THIS, IT WENT THROUGH A MILLION ITERATIONS, IT'S PERFECT NOW <-- you probably dont actually need this anymore lol (CSP covers it)
css_style_attr_regex = re.compile('\s*([\w-]+?)\s*:((".*?"|\'.*?\'|\(.*?\)|{.*?}|\[.*?]|[^;])*);?', flags=re.I|re.A)
"""
CSS style attribute regex explanation:
Each match is one declaration. (Example: "color: red;")
Capture groups:
1. The property name (Example: "color")
2. The value, excluding the trailing ";", but including whitespace (Example: " red")
"""
linefeeds_regex = re.compile("([^\n])\n([^\n])", flags=re.A)

21
files/helpers/sanitize.py
View File

@ -53,7 +53,11 @@ TLDS = ( # Original gTLDs and ccTLDs
allowed_tags = ('a','audio','b','big','blockquote','br','center','code','del','details','em','g','h1','h2','h3','h4','h5','h6','hr','i','img','li','lite-youtube','marquee','ol','p','pre','rp','rt','ruby','small','span','spoiler','strike','strong','sub','summary','sup','table','tbody','td','th','thead','tr','u','ul','video')
allowed_styles = ['background-color', 'color', 'filter', 'font-weight', 'text-align']
allowed_global_styles = ['background-color', 'color', 'filter', 'font-weight', 'text-align']
additional_img_styles = ['transform']
allowed_styles = allowed_global_styles + additional_img_styles
def allowed_attributes(tag, name, value):
@ -581,6 +585,21 @@ def sanitize(sanitized, golden=True, limit_pings=0, showmore=False, count_emojis
#doing this here cuz of the linkifyfilter right above it (therefore unifying all link processing logic)
soup = BeautifulSoup(sanitized, 'lxml')
# style validation
styled_elements = soup.find_all(style=True)
for element in styled_elements:
# Images have all allowed styles, so we dont need to check these
if element.name == 'img':
# We will wrap the images in a div so that they cannot leave the container
element.wrap(soup.new_tag('div', **{'class': 'transformed-img'}))
continue
style = element['style']
matches = css_style_attr_regex.findall(style)
for match in matches:
if match[0] not in allowed_global_styles:
error(f"Invalid style property: {match[0]}")
links = soup.find_all("a")
if g.v and g.v.admin_level >= PERMS["IGNORE_DOMAIN_BAN"]: