Update.
This commit is contained in:
parent
3efe388d3f
commit
c60f9ff4d3
@ -39,6 +39,7 @@ dependencies = [
|
|||||||
"Pillow",
|
"Pillow",
|
||||||
"pillow-heif",
|
"pillow-heif",
|
||||||
"IP2Location",
|
"IP2Location",
|
||||||
|
"bleach"
|
||||||
]
|
]
|
||||||
|
|
||||||
[tool.setuptools.packages.find]
|
[tool.setuptools.packages.find]
|
||||||
|
|||||||
@ -59,6 +59,7 @@ from snek.view.channel import ChannelAttachmentView
|
|||||||
from snek.view.channel import ChannelView
|
from snek.view.channel import ChannelView
|
||||||
from snek.view.settings.containers import ContainersIndexView, ContainersCreateView, ContainersUpdateView, ContainersDeleteView
|
from snek.view.settings.containers import ContainersIndexView, ContainersCreateView, ContainersUpdateView, ContainersDeleteView
|
||||||
from snek.webdav import WebdavApplication
|
from snek.webdav import WebdavApplication
|
||||||
|
from snek.system.template import sanitize_html
|
||||||
from snek.sgit import GitApplication
|
from snek.sgit import GitApplication
|
||||||
SESSION_KEY = b"c79a0c5fda4b424189c427d28c9f7c34"
|
SESSION_KEY = b"c79a0c5fda4b424189c427d28c9f7c34"
|
||||||
|
|
||||||
@ -124,6 +125,7 @@ class Application(BaseApplication):
|
|||||||
self.jinja2_env.add_extension(LinkifyExtension)
|
self.jinja2_env.add_extension(LinkifyExtension)
|
||||||
self.jinja2_env.add_extension(PythonExtension)
|
self.jinja2_env.add_extension(PythonExtension)
|
||||||
self.jinja2_env.add_extension(EmojiExtension)
|
self.jinja2_env.add_extension(EmojiExtension)
|
||||||
|
self.jinja2_env.filters['sanitize'] = sanitize_html
|
||||||
self.time_start = datetime.now()
|
self.time_start = datetime.now()
|
||||||
self.ssh_host = "0.0.0.0"
|
self.ssh_host = "0.0.0.0"
|
||||||
self.ssh_port = 2242
|
self.ssh_port = 2242
|
||||||
|
|||||||
@ -10,6 +10,8 @@ from bs4 import BeautifulSoup
|
|||||||
from jinja2 import TemplateSyntaxError, nodes
|
from jinja2 import TemplateSyntaxError, nodes
|
||||||
from jinja2.ext import Extension
|
from jinja2.ext import Extension
|
||||||
from jinja2.nodes import Const
|
from jinja2.nodes import Const
|
||||||
|
import bleach
|
||||||
|
|
||||||
|
|
||||||
emoji.EMOJI_DATA['<img src="/emoji/snek1.gif" />'] = {
|
emoji.EMOJI_DATA['<img src="/emoji/snek1.gif" />'] = {
|
||||||
"en": ":snek1:",
|
"en": ":snek1:",
|
||||||
@ -78,6 +80,36 @@ emoji.EMOJI_DATA[
|
|||||||
] = {"en": ":a1:", "status": 2, "E": 0.6, "alias": [":a1:"]}
|
] = {"en": ":a1:", "status": 2, "E": 0.6, "alias": [":a1:"]}
|
||||||
|
|
||||||
|
|
||||||
|
ALLOWED_TAGS = list(bleach.sanitizer.ALLOWED_TAGS) + [
|
||||||
|
"img", "video", "audio", "source", "iframe", "picture", "span"
|
||||||
|
]
|
||||||
|
ALLOWED_ATTRIBUTES = {
|
||||||
|
**bleach.sanitizer.ALLOWED_ATTRIBUTES,
|
||||||
|
"img": ["src", "alt", "title", "width", "height"],
|
||||||
|
"a": ["href", "title", "target", "rel", "referrerpolicy", "class"],
|
||||||
|
"iframe": ["src", "width", "height", "frameborder", "allow", "allowfullscreen", "title", "referrerpolicy", "style"],
|
||||||
|
"video": ["src", "controls", "width", "height"],
|
||||||
|
"audio": ["src", "controls"],
|
||||||
|
"source": ["src", "type"],
|
||||||
|
"span": ["class"],
|
||||||
|
"picture": [],
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
def sanitize_html(value):
|
||||||
|
return bleach.clean(
|
||||||
|
value,
|
||||||
|
tags=ALLOWED_TAGS,
|
||||||
|
attributes=ALLOWED_ATTRIBUTES,
|
||||||
|
protocols=bleach.sanitizer.ALLOWED_PROTOCOLS + ["data"],
|
||||||
|
strip=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def set_link_target_blank(text):
|
def set_link_target_blank(text):
|
||||||
soup = BeautifulSoup(text, "html.parser")
|
soup = BeautifulSoup(text, "html.parser")
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user