From 95376ac1fe7a4d4a30932c6d74ca06782ba7c50a Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 10 Sep 2018 00:33:44 +0000 Subject: [PATCH 1/2] html: add the ability to override the default scrub policy --- lib/pleroma/html.ex | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 107784e70..a0c43b82c 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -3,9 +3,13 @@ defmodule Pleroma.HTML do @markup Application.get_env(:pleroma, :markup) + def filter_tags(html, scrubber) do + html |> Scrubber.scrub(scrubber) + end + def filter_tags(html) do scrubber = Keyword.get(@markup, :scrub_policy) - html |> Scrubber.scrub(scrubber) + filter_tags(html, scrubber) end def strip_tags(html) do From 342ed844464bd32f633959b5fd48711c29c01566 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 10 Sep 2018 00:48:28 +0000 Subject: [PATCH 2/2] MRF: add policy for normalizing HTML markup (local and remote) to a specific policy --- config/config.exs | 2 ++ .../web/activity_pub/mrf/normalize_markup.ex | 25 +++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 lib/pleroma/web/activity_pub/mrf/normalize_markup.ex diff --git a/config/config.exs b/config/config.exs index d5c5b7902..d8edc4862 100644 --- a/config/config.exs +++ b/config/config.exs @@ -104,6 +104,8 @@ config :pleroma, :user, deny_follow_blocked: true +config :pleroma, :mrf_normalize_markup, scrub_policy: Pleroma.HTML.Scrubber.Default + config :pleroma, :mrf_rejectnonpublic, allow_followersonly: false, allow_direct: false diff --git a/lib/pleroma/web/activity_pub/mrf/normalize_markup.ex b/lib/pleroma/web/activity_pub/mrf/normalize_markup.ex new file mode 100644 index 000000000..b4f91f3cc --- /dev/null +++ b/lib/pleroma/web/activity_pub/mrf/normalize_markup.ex @@ -0,0 +1,25 @@ +defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkup do + alias Pleroma.HTML + + @behaviour Pleroma.Web.ActivityPub.MRF + + @mrf_normalize_markup Application.get_env(:pleroma, :mrf_normalize_markup) + + def filter(%{"type" => activity_type} = object) when activity_type == "Create" do + scrub_policy = Keyword.get(@mrf_normalize_markup, :scrub_policy) + + child = object["object"] + + content = + child["content"] + |> HTML.filter_tags(scrub_policy) + + child = Map.put(child, "content", content) + + object = Map.put(object, "object", child) + + {:ok, object} + end + + def filter(object), do: {:ok, object} +end