Add html sanitization.
Probably the html sent by your instance is already sanitized, but I haven't checked the Mastodon source to be sure.
parent
e773511726
commit
bf3af37003
@ -38,6 +38,7 @@ INSTALLED_APPS = [
|
|||||||
'django.contrib.messages',
|
'django.contrib.messages',
|
||||||
'django.contrib.staticfiles',
|
'django.contrib.staticfiles',
|
||||||
'widget_tweaks',
|
'widget_tweaks',
|
||||||
|
'sanitizer',
|
||||||
'django.contrib.humanize',
|
'django.contrib.humanize',
|
||||||
'brutaldon',
|
'brutaldon',
|
||||||
]
|
]
|
||||||
@ -122,3 +123,7 @@ USE_TZ = True
|
|||||||
|
|
||||||
STATIC_URL = '/static/'
|
STATIC_URL = '/static/'
|
||||||
STATIC_ROOT = os.path.join(BASE_DIR, 'static')
|
STATIC_ROOT = os.path.join(BASE_DIR, 'static')
|
||||||
|
|
||||||
|
# Sanitizer settings
|
||||||
|
SANITIZER_ALLOWED_TAGS = ['a', 'p', 'img', 'br', 'i', 'strong']
|
||||||
|
SANITIZER_ALLOWED_ATTRIBUTES = ['href', 'src']
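Review bot: The allowlist in `SANITIZER_ALLOWED_TAGS` admits `img` together with `src`, so any remote post can make the reader's browser fetch an arbitrary URL as soon as the timeline renders, which works as a tracking beacon. The template touched by this same commit renders `toot.media_attachments` separately, so inline images do not look necessary; consider `SANITIZER_ALLOWED_TAGS = ['a', 'p', 'br', 'i', 'strong']` and `SANITIZER_ALLOWED_ATTRIBUTES = ['href']`. It is also worth confirming that the sanitizer limits `href` to http/https schemes rather than accepting any scheme. The `# Sanitizer settings` comment could say that these lists are what the `strip_html` filter enforces on remote status content.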
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
{% load humanize %}
|
{% load humanize %}
|
||||||
|
{% load sanitizer %}
|
||||||
|
|
||||||
<article class="media">
|
<article class="media">
|
||||||
<figure class="media-left">
|
<figure class="media-left">
|
||||||
@ -31,7 +32,7 @@
|
|||||||
</p>
|
</p>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<div class="toot">
|
<div class="toot">
|
||||||
{{ toot.content | safe }}
|
{{ toot.content | strip_html | safe }}
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
{% if toot.media_attachments %}
|
{% if toot.media_attachments %}
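Review bot: `{{ toot.content | strip_html | safe }}` still ends in `safe`, so Django's auto-escaping stays off for this field and the `strip_html` allowlist is the only control between remote HTML and the rendered page. A template comment above the line, e.g. `{# toot.content is remote HTML; strip_html must run before safe #}`, would keep a later edit from reordering or dropping the filter. A regression test that renders a toot whose content carries a `<script>` element and an `onclick` attribute, and asserts that neither survives, would pin the behaviour. Other remote fields rendered outside this hunk are not visible here and may need the same treatment.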
|
||||||
|
@ -1,8 +1,11 @@
|
|||||||
|
bleach==2.1.3
|
||||||
certifi==2017.11.5
|
certifi==2017.11.5
|
||||||
chardet==3.0.4
|
chardet==3.0.4
|
||||||
decorator==4.1.2
|
decorator==4.1.2
|
||||||
Django==2.0.4
|
Django==2.0.4
|
||||||
|
django-html-sanitizer==0.1.5
|
||||||
django-widget-tweaks==1.4.2
|
django-widget-tweaks==1.4.2
|
||||||
|
html5lib==1.0.1
|
||||||
idna==2.6
|
idna==2.6
|
||||||
Mastodon.py==1.2.1
|
Mastodon.py==1.2.1
|
||||||
python-dateutil==2.6.1
|
python-dateutil==2.6.1
|
||||||
@ -10,3 +13,4 @@ pytz==2017.3
|
|||||||
requests==2.18.4
|
requests==2.18.4
|
||||||
six==1.11.0
|
six==1.11.0
|
||||||
urllib3==1.22
|
urllib3==1.22
|
||||||
|
webencodings==0.5.1
|
||||||
|