Whitelist allowed classes for federated statuses #3810
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Allowed classes are currently: - Any microformats class (h/p/u/dt/e-*) - the classes mention, hashtag, ellipses and invisible. this last one is somewhat suspect, but Mastodon currently uses it to render hidden link text. resolved mastodon#3790
nightpool
force-pushed
the
class_whitelisting
branch
from
b5a3c13
to
940b8f8
Compare
Gargron
approved these changes
Jun 16, 2017
ykzts
reviewed
Jun 17, 2017
app/lib/sanitize_config.rb
Outdated
| }, | ||
|
|
||
| transformers: [ | ||
| CLASS_WHITELIST_TRANSFORMER |
koteitan
pushed a commit
to koteitan/mastodon
that referenced
this pull request
Jun 25, 2017
* Whitelist allowed classes for federated statuses Allowed classes are currently: - Any microformats class (h/p/u/dt/e-*) - the classes mention, hashtag, ellipses and invisible. this last one is somewhat suspect, but Mastodon currently uses it to render hidden link text. resolved mastodon#3790 * Fix code style
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Allowed classes are currently:
mention,hashtag,ellipsesandinvisible.this last one is somewhat suspect, but Mastodon currently uses it to render truncated links.
Before this pull request gets merged, I would like more input on which classes should be allowed and which should be restricted. For example, I think that fa-spin is fine to be allowed, but I feel weird whitelisting it explicitly. It would be nice to allow some amount of simple formatting (opening the door for things like #853 and #3621 to happen on a federation level), but I don't know what classes we already have that could do similar things.
resolves #3790