allow css transform
parent
5c04a2e4e7
commit
48396d9d20
|
@ -7740,3 +7740,8 @@ body {
|
|||
resize: none !important;
|
||||
}
|
||||
}
|
||||
|
||||
.transformed-img {
|
||||
display: inline-flex;
|
||||
overflow: hidden;
|
||||
}
|
|
@ -127,7 +127,15 @@ twitch_regex = re.compile('(https:\/\/)?(www\.)?twitch.tv\/(.*)', flags=re.I|re.
|
|||
|
||||
link_fix_regex = re.compile("(\[.*?\]\()(?!http|\/)(.*?\))" + NOT_IN_CODE_OR_LINKS, flags=re.A)
|
||||
|
||||
css_url_regex = re.compile('url\([\'"]?((.|\n)*?)[);}$]', flags=re.I|re.A) # AEVANN, DO NOT TOUCH THIS, IT WENT THROUGH A MILLION ITERATIONS, IT'S PERFECT NOW
|
||||
css_url_regex = re.compile('url\([\'"]?((.|\n)*?)[);}$]', flags=re.I|re.A) # AEVANN, DO NOT TOUCH THIS, IT WENT THROUGH A MILLION ITERATIONS, IT'S PERFECT NOW <-- you probably dont actually need this anymore lol (CSP covers it)
|
||||
css_style_attr_regex = re.compile('\s*([\w-]+?)\s*:((".*?"|\'.*?\'|\(.*?\)|{.*?}|\[.*?]|[^;])*);?', flags=re.I|re.A)
|
||||
"""
|
||||
CSS style attribute regex explanation:
|
||||
Each match is one declaration. (Example: "color: red;")
|
||||
Capture groups:
|
||||
1. The property name (Example: "color")
|
||||
2. The value, excluding the trailing ";", but including whitespace (Example: " red")
|
||||
"""
|
||||
|
||||
linefeeds_regex = re.compile("([^\n])\n([^\n])", flags=re.A)
|
||||
|
||||
|
|
|
@ -53,7 +53,11 @@ TLDS = ( # Original gTLDs and ccTLDs
|
|||
|
||||
allowed_tags = ('a','audio','b','big','blockquote','br','center','code','del','details','em','g','h1','h2','h3','h4','h5','h6','hr','i','img','li','lite-youtube','marquee','ol','p','pre','rp','rt','ruby','small','span','spoiler','strike','strong','sub','summary','sup','table','tbody','td','th','thead','tr','u','ul','video')
|
||||
|
||||
allowed_styles = ['background-color', 'color', 'filter', 'font-weight', 'text-align']
|
||||
allowed_global_styles = ['background-color', 'color', 'filter', 'font-weight', 'text-align']
|
||||
|
||||
additional_img_styles = ['transform']
|
||||
|
||||
allowed_styles = allowed_global_styles + additional_img_styles
|
||||
|
||||
def allowed_attributes(tag, name, value):
|
||||
|
||||
|
@ -581,6 +585,21 @@ def sanitize(sanitized, golden=True, limit_pings=0, showmore=False, count_emojis
|
|||
#doing this here cuz of the linkifyfilter right above it (therefore unifying all link processing logic)
|
||||
soup = BeautifulSoup(sanitized, 'lxml')
|
||||
|
||||
# style validation
|
||||
styled_elements = soup.find_all(style=True)
|
||||
for element in styled_elements:
|
||||
# Images have all allowed styles, so we dont need to check these
|
||||
if element.name == 'img':
|
||||
# We will wrap the images in a div so that they cannot leave the container
|
||||
element.wrap(soup.new_tag('div', **{'class': 'transformed-img'}))
|
||||
continue
|
||||
|
||||
style = element['style']
|
||||
matches = css_style_attr_regex.findall(style)
|
||||
for match in matches:
|
||||
if match[0] not in allowed_global_styles:
|
||||
error(f"Invalid style property: {match[0]}")
|
||||
|
||||
links = soup.find_all("a")
|
||||
|
||||
if g.v and g.v.admin_level >= PERMS["IGNORE_DOMAIN_BAN"]:
|
||||
|
|
Loading…
Reference in New Issue