mirror of
http://git.carcosa.net/jmcbray/brutaldon.git
synced 2024-11-23 07:13:52 -05:00
Add html sanitization.
Probably the html sent by your instance is already sanitized, but I haven't checked the Mastodon source to be sure.
This commit is contained in:
parent
e773511726
commit
bf3af37003
@ -38,6 +38,7 @@ INSTALLED_APPS = [
|
||||
'django.contrib.messages',
|
||||
'django.contrib.staticfiles',
|
||||
'widget_tweaks',
|
||||
'sanitizer',
|
||||
'django.contrib.humanize',
|
||||
'brutaldon',
|
||||
]
|
||||
@ -122,3 +123,7 @@ USE_TZ = True
|
||||
|
||||
STATIC_URL = '/static/'
|
||||
STATIC_ROOT = os.path.join(BASE_DIR, 'static')
|
||||
|
||||
# Sanitizer settings
|
||||
SANITIZER_ALLOWED_TAGS = ['a', 'p', 'img', 'br', 'i', 'strong']
|
||||
SANITIZER_ALLOWED_ATTRIBUTES = ['href', 'src']
|
||||
|
@ -1,4 +1,5 @@
|
||||
{% load humanize %}
|
||||
{% load sanitizer %}
|
||||
|
||||
<article class="media">
|
||||
<figure class="media-left">
|
||||
@ -31,7 +32,7 @@
|
||||
</p>
|
||||
{% endif %}
|
||||
<div class="toot">
|
||||
{{ toot.content | safe }}
|
||||
{{ toot.content | strip_html | safe }}
|
||||
</div>
|
||||
|
||||
{% if toot.media_attachments %}
|
||||
|
@ -1,8 +1,11 @@
|
||||
bleach==2.1.3
|
||||
certifi==2017.11.5
|
||||
chardet==3.0.4
|
||||
decorator==4.1.2
|
||||
Django==2.0.4
|
||||
django-html-sanitizer==0.1.5
|
||||
django-widget-tweaks==1.4.2
|
||||
html5lib==1.0.1
|
||||
idna==2.6
|
||||
Mastodon.py==1.2.1
|
||||
python-dateutil==2.6.1
|
||||
@ -10,3 +13,4 @@ pytz==2017.3
|
||||
requests==2.18.4
|
||||
six==1.11.0
|
||||
urllib3==1.22
|
||||
webencodings==0.5.1
|
||||
|
Loading…
Reference in New Issue
Block a user