7 Commits

Author	SHA1	Message	Date
Eugen Rochko	8f64b17d98	Whitelist dat/ipfs/gopher links in sanitizer (#8034) ... Fix #7994	2018-07-16 22:17:43 +09:00
puckipedia	545095b3ce	[!] Sanitize incoming classlist properly (#6162) ... * Sanitize classlist properly * Actually properly sanitize every class after the first * Improve Formatter spec to check for multiple classes and non-space whitespace	2018-01-03 03:54:08 +01:00
nightpool	94d0e012de	Whitelist allowed classes for federated statuses (#3810) ... * Whitelist allowed classes for federated statuses Allowed classes are currently: - Any microformats class (h/p/u/dt/e-*) - the classes mention, hashtag, ellipses and invisible. this last one is somewhat suspect, but Mastodon currently uses it to render hidden link text. resolved #3790 * Fix code style	2017-06-17 20:26:05 +02:00
unarist	6bd6dcf6df	Allow "class" attribute on the "a" tag in sanitization (#3623) ... This preserves `<a ... class="u-url mention">` from other Mastodon instances.	2017-06-07 15:57:30 +02:00
Eugen Rochko	58bcd50f7f	Fix #1426 - Trim long usernames in public follower/following lists (#2993) ... Fix #2221 - Catch OpenSSL exceptions when loading remote avatars/headers/attachments Don't strip "rel" attribute from <a> tags when sanitizing (microformats)	2017-05-11 23:14:00 +02:00
Yamagishi Kazutoshi	4a5f73c8ae	Add target=_blank to user note (#2622) ... * Add target=_blank to user note Open new window when click link from user profile in remote instance. * fix rubocop	2017-04-30 00:28:41 +02:00
Eugen Rochko	88725d6ce8	OEmbed support for PreviewCard (#2337) ... * OEmbed support for PreviewCard * Improve ProviderDiscovery code failure treatment * Do not crawl links if there is a content warning, since those don't display a link card anyway * Reset db schema * Fresh migrate * Fix rubocop style issues Fix #1681 - return existing access token when applicable instead of creating new * Fix test * Extract http client to helper * Improve oembed controller	2017-04-27 14:42:22 +02:00