1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.HTML.Scrubber.Default do
6 @doc "The default HTML scrubbing policy: no "
8 require FastSanitize.Sanitizer.Meta
9 alias FastSanitize.Sanitizer.Meta
11 # credo:disable-for-previous-line
12 # No idea how to fix this one…
14 @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])
18 Meta.allow_tag_with_uri_attributes(:a, ["href", "data-user", "data-tag"], @valid_schemes)
20 Meta.allow_tag_with_this_attribute_values(:a, "class", [
28 Meta.allow_tag_with_this_attribute_values(:a, "rel", [
36 Meta.allow_tag_with_these_attributes(:a, ["name", "title"])
38 Meta.allow_tag_with_these_attributes(:abbr, ["title"])
40 Meta.allow_tag_with_these_attributes(:b, [])
41 Meta.allow_tag_with_these_attributes(:blockquote, [])
42 Meta.allow_tag_with_these_attributes(:br, [])
43 Meta.allow_tag_with_these_attributes(:code, [])
44 Meta.allow_tag_with_these_attributes(:del, [])
45 Meta.allow_tag_with_these_attributes(:em, [])
46 Meta.allow_tag_with_these_attributes(:hr, [])
47 Meta.allow_tag_with_these_attributes(:i, [])
48 Meta.allow_tag_with_these_attributes(:li, [])
49 Meta.allow_tag_with_these_attributes(:ol, [])
50 Meta.allow_tag_with_these_attributes(:p, [])
51 Meta.allow_tag_with_these_attributes(:pre, [])
52 Meta.allow_tag_with_these_attributes(:strong, [])
53 Meta.allow_tag_with_these_attributes(:sub, [])
54 Meta.allow_tag_with_these_attributes(:sup, [])
55 Meta.allow_tag_with_these_attributes(:ruby, [])
56 Meta.allow_tag_with_these_attributes(:rb, [])
57 Meta.allow_tag_with_these_attributes(:rp, [])
58 Meta.allow_tag_with_these_attributes(:rt, [])
59 Meta.allow_tag_with_these_attributes(:rtc, [])
60 Meta.allow_tag_with_these_attributes(:u, [])
61 Meta.allow_tag_with_these_attributes(:ul, [])
63 Meta.allow_tag_with_this_attribute_values(:span, "class", ["h-card", "recipients-inline"])
64 Meta.allow_tag_with_these_attributes(:span, [])
66 Meta.allow_tag_with_this_attribute_values(:code, "class", ["inline"])
68 @allow_inline_images Pleroma.Config.get([:markup, :allow_inline_images])
70 if @allow_inline_images do
71 Meta.allow_tag_with_this_attribute_values(:img, "class", ["emoji"])
73 # restrict img tags to http/https only, because of MediaProxy.
74 Meta.allow_tag_with_uri_attributes(:img, ["src"], ["http", "https"])
76 Meta.allow_tag_with_these_attributes(:img, [
84 if Pleroma.Config.get([:markup, :allow_tables]) do
85 Meta.allow_tag_with_these_attributes(:table, [])
86 Meta.allow_tag_with_these_attributes(:tbody, [])
87 Meta.allow_tag_with_these_attributes(:td, [])
88 Meta.allow_tag_with_these_attributes(:th, [])
89 Meta.allow_tag_with_these_attributes(:thead, [])
90 Meta.allow_tag_with_these_attributes(:tr, [])
93 if Pleroma.Config.get([:markup, :allow_headings]) do
94 Meta.allow_tag_with_these_attributes(:h1, [])
95 Meta.allow_tag_with_these_attributes(:h2, [])
96 Meta.allow_tag_with_these_attributes(:h3, [])
97 Meta.allow_tag_with_these_attributes(:h4, [])
98 Meta.allow_tag_with_these_attributes(:h5, [])
101 if Pleroma.Config.get([:markup, :allow_fonts]) do
102 Meta.allow_tag_with_these_attributes(:font, ["face"])
105 Meta.strip_everything_not_covered()