From 17fb54a94bb7a904aad28c0a9bbccb2ae7c19e95 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Wed, 6 Oct 2021 02:41:58 +0200 Subject: [PATCH] dsfsfd --- files/helpers/sanitize.py | 4 ++-- files/routes/comments.py | 22 +++++++++++----------- files/routes/posts.py | 14 +++++++------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index f3cbe45ae..137e06570 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -1,7 +1,6 @@ import bleach from bs4 import BeautifulSoup from bleach.linkifier import LinkifyFilter -from urllib.parse import ParseResult, urlunparse, urlparse from functools import partial from .get import * from os import path, environ @@ -88,7 +87,8 @@ _allowed_protocols = [ _allowed_styles =[ 'color', 'font-weight', - 'transform' + 'transform', + '-webkit-transform', ] def sanitize(sanitized, noimages=False): diff --git a/files/routes/comments.py b/files/routes/comments.py index 56a0fe78a..e9be123fc 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -157,7 +157,7 @@ def api_comment(v): for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE): if "wikipedia" not in i.group(1): body = body.replace(i.group(1), f'![]({i.group(1)})') body = re.sub('([^\n])\n([^\n])', r'\1\n\n\2', body) - body_md = CustomRenderer().render(mistletoe.Document(body)) + body_md = CustomRenderer().render(mistletoe.Document(body)).replace("","

").replace("

","

") body_html = sanitize(body_md) # Run safety filter @@ -270,7 +270,7 @@ def api_comment(v): body = request.values.get("body") + f"\n![]({url})" body = re.sub('([^\n])\n([^\n])', r'\1\n\n\2', body) - body_md = CustomRenderer().render(mistletoe.Document(body)) + body_md = CustomRenderer().render(mistletoe.Document(body)).replace("","

").replace("

","

") body_html = sanitize(body_md) if len(body_html) > 20000: abort(400) @@ -365,7 +365,7 @@ def api_comment(v): body = AGENDAPOSTER_MSG.format(username=v.username) - body_md = CustomRenderer().render(mistletoe.Document(body)) + body_md = CustomRenderer().render(mistletoe.Document(body)).replace("","

").replace("

","

") body_jannied_html = sanitize(body_md) @@ -403,7 +403,7 @@ def api_comment(v): body = random.choice(LONGPOST_REPLIES) body = re.sub('([^\n])\n([^\n])', r'\1\n\n\2', body) - body_md = CustomRenderer().render(mistletoe.Document(body)) + body_md = CustomRenderer().render(mistletoe.Document(body)).replace("","

").replace("

","

") body_html2 = sanitize(body_md) @@ -434,7 +434,7 @@ def api_comment(v): if "rdrama" in request.host and random.random() < 0.001 and v.username != "Snappy" and v.username != "zozbot": body = "zoz" - body_md = CustomRenderer().render(mistletoe.Document(body)) + body_md = CustomRenderer().render(mistletoe.Document(body)).replace("","

").replace("

","

") body_html2 = sanitize(body_md) @@ -462,7 +462,7 @@ def api_comment(v): body = "zle" - body_md = CustomRenderer().render(mistletoe.Document(body)) + body_md = CustomRenderer().render(mistletoe.Document(body)).replace("","

").replace("

","

") body_html2 = sanitize(body_md) @@ -486,7 +486,7 @@ def api_comment(v): body = "zozzle" - body_md = CustomRenderer().render(mistletoe.Document(body)) + body_md = CustomRenderer().render(mistletoe.Document(body)).replace("","

").replace("

","

") body_html2 = sanitize(body_md) @@ -597,7 +597,7 @@ def edit_comment(cid, v): body = request.values.get("body", "")[:10000] for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE): if "wikipedia" not in i.group(1): body = body.replace(i.group(1), f'![]({i.group(1)})') - body_md = CustomRenderer().render(mistletoe.Document(body)) + body_md = CustomRenderer().render(mistletoe.Document(body)).replace("","

").replace("

","

") body_html = sanitize(body_md) bans = filter_comment_html(body_html) @@ -689,7 +689,7 @@ def edit_comment(cid, v): url = request.host_url[:-1] + process_image(name) body += f"\n![]({url})" - body_md = CustomRenderer().render(mistletoe.Document(body)) + body_md = CustomRenderer().render(mistletoe.Document(body)).replace("","

").replace("

","

") body_html = sanitize(body_md) if len(body_html) > 20000: abort(400) @@ -706,7 +706,7 @@ def edit_comment(cid, v): body = VAXX_MSG.format(username=v.username) - body_md = CustomRenderer().render(mistletoe.Document(body)) + body_md = CustomRenderer().render(mistletoe.Document(body)).replace("","

").replace("

","

") body_jannied_html = sanitize(body_md) @@ -741,7 +741,7 @@ def edit_comment(cid, v): body = AGENDAPOSTER_MSG.format(username=v.username) - body_md = CustomRenderer().render(mistletoe.Document(body)) + body_md = CustomRenderer().render(mistletoe.Document(body)).replace("","

").replace("

","

") body_jannied_html = sanitize(body_md) diff --git a/files/routes/posts.py b/files/routes/posts.py index 6544c87bf..2c7968a99 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -208,7 +208,7 @@ def edit_post(pid, v): if body != p.body: for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE): if "wikipedia" not in i.group(1): body = body.replace(i.group(1), f'![]({i.group(1)})') - body_md = CustomRenderer().render(mistletoe.Document(body)) + body_md = CustomRenderer().render(mistletoe.Document(body)).replace("","

").replace("

","

") body_html = sanitize(body_md) # Run safety filter @@ -266,7 +266,7 @@ def edit_post(pid, v): body = VAXX_MSG.format(username=v.username) - body_md = CustomRenderer().render(mistletoe.Document(body)) + body_md = CustomRenderer().render(mistletoe.Document(body)).replace("","

").replace("

","

") body_jannied_html = sanitize(body_md) @@ -300,7 +300,7 @@ def edit_post(pid, v): body = AGENDAPOSTER_MSG.format(username=v.username) - body_md = CustomRenderer().render(mistletoe.Document(body)) + body_md = CustomRenderer().render(mistletoe.Document(body)).replace("","

").replace("

","

") body_jannied_html = sanitize(body_md) @@ -737,7 +737,7 @@ def submit_post(v): options.append(i.group(1)) body = body.replace(i.group(0), "") - body_md = CustomRenderer().render(mistletoe.Document(body)) + body_md = CustomRenderer().render(mistletoe.Document(body)).replace("","

").replace("

","

") body_html = sanitize(body_md) @@ -905,7 +905,7 @@ def submit_post(v): body = VAXX_MSG.format(username=v.username) - body_md = CustomRenderer().render(mistletoe.Document(body)) + body_md = CustomRenderer().render(mistletoe.Document(body)).replace("","

").replace("

","

") body_jannied_html = sanitize(body_md) @@ -939,7 +939,7 @@ def submit_post(v): body = AGENDAPOSTER_MSG.format(username=v.username) - body_md = CustomRenderer().render(mistletoe.Document(body)) + body_md = CustomRenderer().render(mistletoe.Document(body)).replace("","

").replace("

","

") body_jannied_html = sanitize(body_md) @@ -982,7 +982,7 @@ def submit_post(v): if new_post.url: body += f"Snapshots:\n\n* [reveddit.com](https://reveddit.com/{new_post.url})\n* [archive.org](https://web.archive.org/{new_post.url})\n* [archive.ph](https://archive.ph/?url={urllib.parse.quote(new_post.url)}&run=1) (click to archive)" gevent.spawn(archiveorg, new_post.url) - body_md = CustomRenderer().render(mistletoe.Document(body)) + body_md = CustomRenderer().render(mistletoe.Document(body)).replace("","

").replace("

","

") body_html = sanitize(body_md)