dup
parent
a9c86604a0
commit
53702d5f13
|
@ -812,7 +812,6 @@ approved_embed_hosts = [
|
|||
'watchpeopledie.co',
|
||||
'devrama.xyz',
|
||||
'imgur.com',
|
||||
'ibb.co',
|
||||
'lain.la',
|
||||
'pngfind.com',
|
||||
'kym-cdn.com',
|
||||
|
@ -857,7 +856,11 @@ approved_embed_hosts = [
|
|||
'githubusercontent.com',
|
||||
'unilad.co.uk',
|
||||
'grrrgraphics.com',
|
||||
'redditmedia.com'
|
||||
'redditmedia.com',
|
||||
'deviantart.com',
|
||||
'deviantart.net',
|
||||
'googleapis.com',
|
||||
'bing.com'
|
||||
]
|
||||
|
||||
hosts = "|".join(approved_embed_hosts).replace('.','\.')
|
||||
|
@ -876,6 +879,9 @@ yt_id_regex = re.compile('[a-z0-9-_]{5,20}', flags=re.I|re.A)
|
|||
|
||||
image_regex = re.compile("(^|\s)(https:\/\/[\w\-.#&/=\?@%;+]{5,250}(\.png|\.jpg|\.jpeg|\.gif|\.webp|maxwidth=9999|fidelity=high))($|\s)", flags=re.I|re.A)
|
||||
|
||||
css_regex = re.compile('''url\(['"]?(.*?)['"]?\)''', flags=re.I|re.A)
|
||||
css_regex2 = re.compile('''['"](http.*?)['"]''', flags=re.I|re.A)
|
||||
|
||||
procoins_li = (0,2500,5000,10000,25000,50000,125000,250000)
|
||||
|
||||
linefeeds_regex = re.compile("([^\n])\n([^\n])", flags=re.A)
|
||||
|
|
|
@ -11,8 +11,6 @@ from random import random, choice
|
|||
import signal
|
||||
import time
|
||||
import requests
|
||||
import cssutils
|
||||
import tldextract
|
||||
|
||||
TLDS = ('ac','ad','ae','aero','af','ag','ai','al','am','an','ao','aq','ar','arpa','as','asia','at','au','aw','ax','az','ba','bb','bd','be','bf','bg','bh','bi','biz','bj','bm','bn','bo','br','bs','bt','bv','bw','by','bz','ca','cafe','cat','cc','cd','cf','cg','ch','ci','ck','cl','club','cm','cn','co','com','coop','cr','cu','cv','cx','cy','cz','de','dj','dk','dm','do','dz','ec','edu','ee','eg','er','es','et','eu','fi','fj','fk','fm','fo','fr','ga','gb','gd','ge','gf','gg','gh','gi','gl','gm','gn','gov','gp','gq','gr','gs','gt','gu','gw','gy','hk','hm','hn','hr','ht','hu','id','ie','il','im','in','info','int','io','iq','ir','is','it','je','jm','jo','jobs','jp','ke','kg','kh','ki','km','kn','kp','kr','kw','ky','kz','la','lb','lc','li','lk','lr','ls','lt','lu','lv','ly','ma','mc','md','me','mg','mh','mil','mk','ml','mm','mn','mo','mobi','mp','mq','mr','ms','mt','mu','museum','mv','mw','mx','my','mz','na','name','nc','ne','net','nf','ng','ni','nl','no','np','nr','nu','nz','om','org','pa','pe','pf','pg','ph','pk','pl','pm','pn','post','pr','pro','ps','pt','pw','py','qa','re','ro','rs','ru','rw','sa','sb','sc','sd','se','sg','sh','si','sj','sk','sl','sm','sn','so','social','sr','ss','st','su','sv','sx','sy','sz','tc','td','tel','tf','tg','th','tj','tk','tl','tm','tn','to','tp','tr','travel','tt','tv','tw','tz','ua','ug','uk','us','uy','uz','va','vc','ve','vg','vi','vn','vu','wf','win','ws','xn','xxx','xyz','ye','yt','yu','za','zm','zw')
|
||||
|
||||
|
@ -328,20 +326,3 @@ def filter_emojis_only(title, edit=False, graceful=False):
|
|||
|
||||
if len(title) > 1500 and not graceful: abort(400)
|
||||
else: return title
|
||||
|
||||
|
||||
def sanitize_css(rule):
|
||||
if isinstance(rule, cssutils.css.CSSStyleRule):
|
||||
|
||||
for property in rule.style.children():
|
||||
for pv in property.propertyValue:
|
||||
if isinstance(pv, cssutils.css.URIValue):
|
||||
domain = tldextract.extract(pv.uri).registered_domain
|
||||
if domain not in approved_embed_hosts:
|
||||
return f"The domain '{domain}' is not allowed, please use one of these domains\n\n{approved_embed_hosts}."
|
||||
|
||||
if getattr(rule, "children", None):
|
||||
for child in rule.children():
|
||||
clean_block(child)
|
||||
|
||||
return False
|
|
@ -12,7 +12,7 @@ from files.helpers.sanitize import filter_emojis_only
|
|||
from files.helpers.discord import add_role
|
||||
from shutil import copyfile
|
||||
import requests
|
||||
import cssutils
|
||||
import tldextract
|
||||
|
||||
GUMROAD_TOKEN = environ.get("GUMROAD_TOKEN", "").strip()
|
||||
GUMROAD_ID = environ.get("GUMROAD_ID", "tfcvri").strip()
|
||||
|
@ -643,16 +643,15 @@ def settings_profilecss_get(v):
|
|||
def settings_profilecss(v):
|
||||
profilecss = request.values.get("profilecss").strip().replace('\\', '').strip()[:4000]
|
||||
|
||||
parser = cssutils.CSSParser(raiseExceptions=True,fetcher=lambda url: None)
|
||||
|
||||
try: css = parser.parseString(profilecss)
|
||||
except Exception as e: return {"error": str(e)}, 400
|
||||
|
||||
for rule in css:
|
||||
error = sanitize_css(rule)
|
||||
if error: return render_template("settings_profilecss.html", error=error, v=v)
|
||||
|
||||
profilecss = css.cssText.decode('utf-8')
|
||||
urls = list(css_regex.finditer(profilecss)) + list(css_regex2.finditer(profilecss))
|
||||
for i in urls:
|
||||
url = i.group(1)
|
||||
if url.startswith('/'): continue
|
||||
domain = tldextract.extract(url).registered_domain
|
||||
if domain not in approved_embed_hosts:
|
||||
error = f"The domain '{domain}' is not allowed, please use one of these domains\n\n{approved_embed_hosts}."
|
||||
return render_template("settings_profilecss.html", error=error, v=v)
|
||||
|
||||
|
||||
v.profilecss = profilecss
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
from files.__main__ import app, limiter, mail
|
||||
from files.helpers.alerts import *
|
||||
from files.helpers.wrappers import *
|
||||
from files.helpers.sanitize import sanitize_css
|
||||
from files.classes import *
|
||||
from .front import frontlist
|
||||
import cssutils
|
||||
import tldextract
|
||||
|
||||
@app.post("/exile/post/<pid>")
|
||||
@is_not_permabanned
|
||||
|
@ -339,22 +338,19 @@ def post_sub_css(v, sub):
|
|||
css = request.values.get('css', '').strip()
|
||||
|
||||
|
||||
parser = cssutils.CSSParser(raiseExceptions=True,fetcher=lambda url: None)
|
||||
urls = list(css_regex.finditer(css)) + list(css_regex2.finditer(css))
|
||||
for i in urls:
|
||||
url = i.group(1)
|
||||
if url.startswith('/'): continue
|
||||
domain = tldextract.extract(url).registered_domain
|
||||
if domain not in approved_embed_hosts:
|
||||
error = f"The domain '{domain}' is not allowed, please use one of these domains\n\n{approved_embed_hosts}."
|
||||
return render_template('sub/settings.html', v=v, sidebar=sub.sidebar, sub=sub, error=error)
|
||||
|
||||
try: css = parser.parseString(css)
|
||||
except Exception as e: return {"error": str(e)}, 400
|
||||
|
||||
for rule in css:
|
||||
error = sanitize_css(rule)
|
||||
if error: return render_template('sub/settings.html', v=v, sidebar=sub.sidebar, sub=sub, error=error)
|
||||
|
||||
css = css.cssText.decode('utf-8')
|
||||
|
||||
sub.css = css
|
||||
|
||||
|
||||
g.db.add(sub)
|
||||
|
||||
g.db.commit()
|
||||
|
||||
return redirect(f'/h/{sub.name}/settings')
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
beautifulsoup4
|
||||
bleach==4.1.0
|
||||
cssutils
|
||||
Flask
|
||||
Flask-Caching
|
||||
Flask-Compress
|
||||
|
|
Loading…
Reference in New Issue