mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-10-29 17:42:25 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

[bugfix] Use custom bluemonday policy to disallow inline img tags (#2100)

Browse source
This commit is contained in:
tobi 2023-08-11 14:40:11 +02:00 committed by GitHub
commit dc96562b40
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 243 additions and 78 deletions
Download patch file Download diff file Expand all files Collapse all files

7
internal/text/markdown.go
View file

@ -57,13 +57,10 @@ func (f *formatter) FromMarkdown(ctx context.Context, pmf gtsmodel.ParseMentionF
result.HTML = htmlContentBytes.String()
// clean anything dangerous out of the HTML
result.HTML = SanitizeHTML(result.HTML)
result.HTML = SanitizeToHTML(result.HTML)
// shrink ray
result.HTML, err = m.String("text/html", result.HTML)
if err != nil {
log.Errorf(ctx, "error minifying HTML: %s", err)
}
result.HTML = MinifyHTML(result.HTML)
return result
}