parent
fe5ffd1bcf
commit
9160a853ec
|
@ -296,9 +296,6 @@ class Comment(Base):
|
||||||
if not self.ghost and self.author.show_sig(v):
|
if not self.ghost and self.author.show_sig(v):
|
||||||
body += f'<section id="signature-{self.author.id}" class="user-signature"><hr>{self.author.sig_html}</section>'
|
body += f'<section id="signature-{self.author.id}" class="user-signature"><hr>{self.author.sig_html}</section>'
|
||||||
|
|
||||||
if v:
|
|
||||||
body = body.replace("!YOU!", v.username)
|
|
||||||
|
|
||||||
return body
|
return body
|
||||||
|
|
||||||
@lazy
|
@lazy
|
||||||
|
@ -312,9 +309,6 @@ class Comment(Base):
|
||||||
|
|
||||||
body = censor_slurs(body, v).replace('<img loading="lazy" data-bs-toggle="tooltip" alt=":marseytrain:" title=":marseytrain:" src="/e/marseytrain.webp">', ':marseytrain:')
|
body = censor_slurs(body, v).replace('<img loading="lazy" data-bs-toggle="tooltip" alt=":marseytrain:" title=":marseytrain:" src="/e/marseytrain.webp">', ':marseytrain:')
|
||||||
|
|
||||||
if v:
|
|
||||||
body = body.replace("!YOU!", v.username)
|
|
||||||
|
|
||||||
return body
|
return body
|
||||||
|
|
||||||
@lazy
|
@lazy
|
||||||
|
|
|
@ -319,9 +319,6 @@ class Submission(Base):
|
||||||
if not listing and not self.ghost and self.author.show_sig(v):
|
if not listing and not self.ghost and self.author.show_sig(v):
|
||||||
body += f'<section id="signature-{self.author.id}" class="user-signature"><hr>{self.author.sig_html}</section>'
|
body += f'<section id="signature-{self.author.id}" class="user-signature"><hr>{self.author.sig_html}</section>'
|
||||||
|
|
||||||
if v:
|
|
||||||
body = body.replace("!YOU!", v.username)
|
|
||||||
|
|
||||||
return body
|
return body
|
||||||
|
|
||||||
@lazy
|
@lazy
|
||||||
|
@ -335,9 +332,6 @@ class Submission(Base):
|
||||||
body = censor_slurs(body, v).replace('<img loading="lazy" data-bs-toggle="tooltip" alt=":marseytrain:" title=":marseytrain:" src="/e/marseytrain.webp">', ':marseytrain:')
|
body = censor_slurs(body, v).replace('<img loading="lazy" data-bs-toggle="tooltip" alt=":marseytrain:" title=":marseytrain:" src="/e/marseytrain.webp">', ':marseytrain:')
|
||||||
body = normalize_urls_runtime(body, v)
|
body = normalize_urls_runtime(body, v)
|
||||||
|
|
||||||
if v:
|
|
||||||
body = body.replace("!YOU!", v.username)
|
|
||||||
|
|
||||||
return body
|
return body
|
||||||
|
|
||||||
@lazy
|
@lazy
|
||||||
|
@ -346,9 +340,6 @@ class Submission(Base):
|
||||||
|
|
||||||
title = censor_slurs(title, v)
|
title = censor_slurs(title, v)
|
||||||
|
|
||||||
if v:
|
|
||||||
title = title.replace("!YOU!", v.username)
|
|
||||||
|
|
||||||
return title
|
return title
|
||||||
|
|
||||||
@lazy
|
@lazy
|
||||||
|
@ -357,9 +348,6 @@ class Submission(Base):
|
||||||
|
|
||||||
title = censor_slurs(title, v).replace('<img loading="lazy" data-bs-toggle="tooltip" alt=":marseytrain:" title=":marseytrain:" src="/e/marseytrain.webp">', ':marseytrain:')
|
title = censor_slurs(title, v).replace('<img loading="lazy" data-bs-toggle="tooltip" alt=":marseytrain:" title=":marseytrain:" src="/e/marseytrain.webp">', ':marseytrain:')
|
||||||
|
|
||||||
if v:
|
|
||||||
title = title.replace("!YOU!", v.username)
|
|
||||||
|
|
||||||
return title
|
return title
|
||||||
|
|
||||||
@property
|
@property
|
||||||
|
|
|
@ -1019,7 +1019,6 @@ class User(Base):
|
||||||
if not cls.can_see(user, other.author): return False
|
if not cls.can_see(user, other.author): return False
|
||||||
if user and user.id == other.author_id: return True
|
if user and user.id == other.author_id: return True
|
||||||
if isinstance(other, Submission):
|
if isinstance(other, Submission):
|
||||||
if "!YOU!" in other.title and not user: return False
|
|
||||||
if browser != 'webview' and other.author_id == AEVANN_ID and other.title.startswith('[ANDROID]'):
|
if browser != 'webview' and other.author_id == AEVANN_ID and other.title.startswith('[ANDROID]'):
|
||||||
return user and user.admin_level >= PERMS['POST_COMMENT_MODERATION']
|
return user and user.admin_level >= PERMS['POST_COMMENT_MODERATION']
|
||||||
if browser != 'apple' and other.author_id == CARP_ID and other.title.startswith('[APPLE]'):
|
if browser != 'apple' and other.author_id == CARP_ID and other.title.startswith('[APPLE]'):
|
||||||
|
|
|
@ -1603,11 +1603,9 @@ def is_site_url(url):
|
||||||
|
|
||||||
def is_safe_url(url):
|
def is_safe_url(url):
|
||||||
domain = tldextract.extract(url)
|
domain = tldextract.extract(url)
|
||||||
return ((
|
return (is_site_url(url)
|
||||||
is_site_url(url)
|
or domain.registered_domain in approved_embed_hosts
|
||||||
or domain.registered_domain in approved_embed_hosts
|
or domain.fqdn in approved_embed_hosts)
|
||||||
or domain.fqdn in approved_embed_hosts
|
|
||||||
) and '!YOU!' not in url)
|
|
||||||
|
|
||||||
|
|
||||||
hosts = "|".join(approved_embed_hosts).replace('.','\.')
|
hosts = "|".join(approved_embed_hosts).replace('.','\.')
|
||||||
|
|
|
@ -61,7 +61,7 @@ def allowed_attributes(tag, name, value):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
if tag == 'a':
|
if tag == 'a':
|
||||||
if name == 'href' and '\\' not in value and 'xn--' not in value and '!YOU!' not in value:
|
if name == 'href' and '\\' not in value and 'xn--' not in value:
|
||||||
return True
|
return True
|
||||||
if name == 'rel' and value == 'nofollow noopener': return True
|
if name == 'rel' and value == 'nofollow noopener': return True
|
||||||
if name == 'target' and value == '_blank': return True
|
if name == 'target' and value == '_blank': return True
|
||||||
|
|
Loading…
Reference in New Issue