diff --git a/config/config.exs b/config/config.exs index ed718c3d3c..d5c5b7902e 100644 --- a/config/config.exs +++ b/config/config.exs @@ -76,6 +76,15 @@ quarantined_instances: [], managed_config: true +config :pleroma, :markup, + # XXX - unfortunately, inline images must be enabled by default right now, because + # of custom emoji. Issue #275 discusses defanging that somehow. + allow_inline_images: true, + allow_headings: false, + allow_tables: false, + allow_fonts: false, + scrub_policy: Pleroma.HTML.Scrubber.Default + config :pleroma, :fe, theme: "pleroma-dark", logo: "/static/logo.png", diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index 2b4c3c2aa5..62f54a3f25 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -1,6 +1,7 @@ defmodule Pleroma.Formatter do alias Pleroma.User alias Pleroma.Web.MediaProxy + alias Pleroma.HTML @tag_regex ~r/\#\w+/u def parse_tags(text, data \\ %{}) do @@ -144,8 +145,8 @@ def emojify(text, nil), do: text def emojify(text, emoji) do Enum.reduce(emoji, text, fn {emoji, file}, text -> - emoji = HtmlSanitizeEx.strip_tags(emoji) - file = HtmlSanitizeEx.strip_tags(file) + emoji = HTML.strip_tags(emoji) + file = HTML.strip_tags(file) String.replace( text, @@ -154,7 +155,7 @@ def emojify(text, emoji) do MediaProxy.url(file) }' />" ) - |> HtmlSanitizeEx.basic_html() + |> HTML.filter_tags() end) end diff --git a/lib/pleroma/gopher/server.ex b/lib/pleroma/gopher/server.ex index 97a1dea775..d34037f4f6 100644 --- a/lib/pleroma/gopher/server.ex +++ b/lib/pleroma/gopher/server.ex @@ -35,6 +35,7 @@ defmodule Pleroma.Gopher.Server.ProtocolHandler do alias Pleroma.User alias Pleroma.Activity alias Pleroma.Repo + alias Pleroma.HTML @instance Application.get_env(:pleroma, :instance) @gopher Application.get_env(:pleroma, :gopher) @@ -78,11 +79,7 @@ def render_activities(activities) do link("Post ##{activity.id} by #{user.nickname}", "/notices/#{activity.id}") <> info("#{like_count} likes, #{announcement_count} repeats") <> "i\tfake\t(NULL)\t0\r\n" <> - info( - HtmlSanitizeEx.strip_tags( - String.replace(activity.data["object"]["content"], "
", "\r") - ) - ) + info(HTML.strip_tags(String.replace(activity.data["object"]["content"], "
", "\r"))) end) |> Enum.join("i\tfake\t(NULL)\t0\r\n") end diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex new file mode 100644 index 0000000000..107784e704 --- /dev/null +++ b/lib/pleroma/html.ex @@ -0,0 +1,129 @@ +defmodule Pleroma.HTML do + alias HtmlSanitizeEx.Scrubber + + @markup Application.get_env(:pleroma, :markup) + + def filter_tags(html) do + scrubber = Keyword.get(@markup, :scrub_policy) + html |> Scrubber.scrub(scrubber) + end + + def strip_tags(html) do + html |> Scrubber.scrub(Scrubber.StripTags) + end +end + +defmodule Pleroma.HTML.Scrubber.TwitterText do + @moduledoc """ + An HTML scrubbing policy which limits to twitter-style text. Only + paragraphs, breaks and links are allowed through the filter. + """ + + require HtmlSanitizeEx.Scrubber.Meta + alias HtmlSanitizeEx.Scrubber.Meta + + @valid_schemes ["http", "https"] + + Meta.remove_cdata_sections_before_scrub() + Meta.strip_comments() + + # links + Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes) + Meta.allow_tag_with_these_attributes("a", ["name", "title"]) + + # paragraphs and linebreaks + Meta.allow_tag_with_these_attributes("br", []) + Meta.allow_tag_with_these_attributes("p", []) + + # microformats + Meta.allow_tag_with_these_attributes("span", []) + + # allow inline images for custom emoji + @markup Application.get_env(:pleroma, :markup) + @allow_inline_images Keyword.get(@markup, :allow_inline_images) + + if @allow_inline_images do + Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes) + + Meta.allow_tag_with_these_attributes("img", [ + "width", + "height", + "title", + "alt" + ]) + end +end + +defmodule Pleroma.HTML.Scrubber.Default do + @doc "The default HTML scrubbing policy: no " + + require HtmlSanitizeEx.Scrubber.Meta + alias HtmlSanitizeEx.Scrubber.Meta + + @valid_schemes ["http", "https"] + + Meta.remove_cdata_sections_before_scrub() + Meta.strip_comments() + + Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes) + Meta.allow_tag_with_these_attributes("a", ["name", "title"]) + + Meta.allow_tag_with_these_attributes("b", []) + Meta.allow_tag_with_these_attributes("blockquote", []) + Meta.allow_tag_with_these_attributes("br", []) + Meta.allow_tag_with_these_attributes("code", []) + Meta.allow_tag_with_these_attributes("del", []) + Meta.allow_tag_with_these_attributes("em", []) + Meta.allow_tag_with_these_attributes("i", []) + Meta.allow_tag_with_these_attributes("li", []) + Meta.allow_tag_with_these_attributes("ol", []) + Meta.allow_tag_with_these_attributes("p", []) + Meta.allow_tag_with_these_attributes("pre", []) + Meta.allow_tag_with_these_attributes("span", []) + Meta.allow_tag_with_these_attributes("strong", []) + Meta.allow_tag_with_these_attributes("u", []) + Meta.allow_tag_with_these_attributes("ul", []) + + @markup Application.get_env(:pleroma, :markup) + @allow_inline_images Keyword.get(@markup, :allow_inline_images) + + if @allow_inline_images do + Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes) + + Meta.allow_tag_with_these_attributes("img", [ + "width", + "height", + "title", + "alt" + ]) + end + + @allow_tables Keyword.get(@markup, :allow_tables) + + if @allow_tables do + Meta.allow_tag_with_these_attributes("table", []) + Meta.allow_tag_with_these_attributes("tbody", []) + Meta.allow_tag_with_these_attributes("td", []) + Meta.allow_tag_with_these_attributes("th", []) + Meta.allow_tag_with_these_attributes("thead", []) + Meta.allow_tag_with_these_attributes("tr", []) + end + + @allow_headings Keyword.get(@markup, :allow_headings) + + if @allow_headings do + Meta.allow_tag_with_these_attributes("h1", []) + Meta.allow_tag_with_these_attributes("h2", []) + Meta.allow_tag_with_these_attributes("h3", []) + Meta.allow_tag_with_these_attributes("h4", []) + Meta.allow_tag_with_these_attributes("h5", []) + end + + @allow_fonts Keyword.get(@markup, :allow_fonts) + + if @allow_fonts do + Meta.allow_tag_with_these_attributes("font", ["face"]) + end + + Meta.strip_everything_not_covered() +end diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index 7915933be9..7c92c991f1 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -4,6 +4,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do alias Pleroma.Web.MastodonAPI.AccountView alias Pleroma.Web.CommonAPI.Utils alias Pleroma.Web.MediaProxy + alias Pleroma.HTML def render("accounts.json", %{users: users} = opts) do render_many(users, AccountView, "account.json", opts) @@ -42,7 +43,7 @@ def render("account.json", %{user: user}) do followers_count: user_info.follower_count, following_count: user_info.following_count, statuses_count: user_info.note_count, - note: HtmlSanitizeEx.basic_html(user.bio) || "", + note: HTML.filter_tags(user.bio) || "", url: user.ap_id, avatar: image, avatar_static: image, diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index cdae2de7ab..8f6c4b0627 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -5,6 +5,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do alias Pleroma.Web.CommonAPI.Utils alias Pleroma.Web.MediaProxy alias Pleroma.Repo + alias Pleroma.HTML # TODO: Add cached version. defp get_replied_to_activities(activities) do @@ -111,10 +112,10 @@ def render("status.json", %{activity: %{data: %{"object" => object}} = activity} emojis = (activity.data["object"]["emoji"] || []) |> Enum.map(fn {name, url} -> - name = HtmlSanitizeEx.strip_tags(name) + name = HTML.strip_tags(name) url = - HtmlSanitizeEx.strip_tags(url) + HTML.strip_tags(url) |> MediaProxy.url() %{shortcode: name, url: url, static_url: url, visible_in_picker: false} @@ -221,7 +222,7 @@ def render_content(%{"type" => "Video"} = object) do object["content"] end - HtmlSanitizeEx.basic_html(content) + HTML.filter_tags(content) end def render_content(%{"type" => "Article"} = object) do @@ -234,10 +235,10 @@ def render_content(%{"type" => "Article"} = object) do object["content"] end - HtmlSanitizeEx.basic_html(content) + HTML.filter_tags(content) end def render_content(object) do - HtmlSanitizeEx.basic_html(object["content"]) + HTML.filter_tags(object["content"]) end end diff --git a/lib/pleroma/web/twitter_api/representers/activity_representer.ex b/lib/pleroma/web/twitter_api/representers/activity_representer.ex index 9abea59a7a..5c4eed671b 100644 --- a/lib/pleroma/web/twitter_api/representers/activity_representer.ex +++ b/lib/pleroma/web/twitter_api/representers/activity_representer.ex @@ -7,6 +7,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter do alias Pleroma.Web.TwitterAPI.{TwitterAPI, UserView, ActivityView} alias Pleroma.Web.CommonAPI.Utils alias Pleroma.Formatter + alias Pleroma.HTML defp user_by_ap_id(user_list, ap_id) do Enum.find(user_list, fn %{ap_id: user_id} -> ap_id == user_id end) @@ -167,7 +168,7 @@ def to_map( {summary, content} = ActivityView.render_content(object) html = - HtmlSanitizeEx.basic_html(content) + HTML.filter_tags(content) |> Formatter.emojify(object["emoji"]) video = @@ -184,7 +185,7 @@ def to_map( "uri" => activity.data["object"]["id"], "user" => UserView.render("show.json", %{user: user, for: opts[:for]}), "statusnet_html" => html, - "text" => HtmlSanitizeEx.strip_tags(content), + "text" => HTML.strip_tags(content), "is_local" => activity.local, "is_post_verb" => true, "created_at" => created_at, diff --git a/lib/pleroma/web/twitter_api/views/activity_view.ex b/lib/pleroma/web/twitter_api/views/activity_view.ex index 909eefdd88..666a35a24c 100644 --- a/lib/pleroma/web/twitter_api/views/activity_view.ex +++ b/lib/pleroma/web/twitter_api/views/activity_view.ex @@ -11,6 +11,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do alias Pleroma.User alias Pleroma.Repo alias Pleroma.Formatter + alias Pleroma.HTML import Ecto.Query @@ -232,7 +233,7 @@ def render( {summary, content} = render_content(object) html = - HtmlSanitizeEx.basic_html(content) + HTML.filter_tags(content) |> Formatter.emojify(object["emoji"]) %{ @@ -240,7 +241,7 @@ def render( "uri" => activity.data["object"]["id"], "user" => UserView.render("show.json", %{user: user, for: opts[:for]}), "statusnet_html" => html, - "text" => HtmlSanitizeEx.strip_tags(content), + "text" => HTML.strip_tags(content), "is_local" => activity.local, "is_post_verb" => true, "created_at" => created_at, diff --git a/lib/pleroma/web/twitter_api/views/user_view.ex b/lib/pleroma/web/twitter_api/views/user_view.ex index 32f93153dc..f2641047f3 100644 --- a/lib/pleroma/web/twitter_api/views/user_view.ex +++ b/lib/pleroma/web/twitter_api/views/user_view.ex @@ -4,6 +4,7 @@ defmodule Pleroma.Web.TwitterAPI.UserView do alias Pleroma.Formatter alias Pleroma.Web.CommonAPI.Utils alias Pleroma.Web.MediaProxy + alias Pleroma.HTML def render("show.json", %{user: user = %User{}} = assigns) do render_one(user, Pleroma.Web.TwitterAPI.UserView, "user.json", assigns) @@ -38,9 +39,8 @@ def render("user.json", %{user: user = %User{}} = assigns) do data = %{ "created_at" => user.inserted_at |> Utils.format_naive_asctime(), - "description" => - HtmlSanitizeEx.strip_tags((user.bio || "") |> String.replace("
", "\n")), - "description_html" => HtmlSanitizeEx.basic_html(user.bio), + "description" => HTML.strip_tags((user.bio || "") |> String.replace("
", "\n")), + "description_html" => HTML.filter_tags(user.bio), "favourites_count" => 0, "followers_count" => user_info[:follower_count], "following" => following, @@ -49,7 +49,7 @@ def render("user.json", %{user: user = %User{}} = assigns) do "friends_count" => user_info[:following_count], "id" => user.id, "name" => user.name, - "name_html" => HtmlSanitizeEx.strip_tags(user.name) |> Formatter.emojify(emoji), + "name_html" => HTML.strip_tags(user.name) |> Formatter.emojify(emoji), "profile_image_url" => image, "profile_image_url_https" => image, "profile_image_url_profile_size" => image,