|
|
|
@ -91,26 +91,26 @@ class Sanitize |
|
|
|
|
] |
|
|
|
|
) |
|
|
|
|
|
|
|
|
|
MASTODON_OEMBED ||= freeze_config merge( |
|
|
|
|
RELAXED, |
|
|
|
|
elements: RELAXED[:elements] + %w(audio embed iframe source video), |
|
|
|
|
MASTODON_OEMBED ||= freeze_config( |
|
|
|
|
elements: %w(audio embed iframe source video), |
|
|
|
|
|
|
|
|
|
attributes: merge( |
|
|
|
|
RELAXED[:attributes], |
|
|
|
|
attributes: { |
|
|
|
|
'audio' => %w(controls), |
|
|
|
|
'embed' => %w(height src type width), |
|
|
|
|
'iframe' => %w(allowfullscreen frameborder height scrolling src width), |
|
|
|
|
'source' => %w(src type), |
|
|
|
|
'video' => %w(controls height loop width), |
|
|
|
|
'div' => [:data] |
|
|
|
|
), |
|
|
|
|
}, |
|
|
|
|
|
|
|
|
|
protocols: merge( |
|
|
|
|
RELAXED[:protocols], |
|
|
|
|
protocols: { |
|
|
|
|
'embed' => { 'src' => HTTP_PROTOCOLS }, |
|
|
|
|
'iframe' => { 'src' => HTTP_PROTOCOLS }, |
|
|
|
|
'source' => { 'src' => HTTP_PROTOCOLS } |
|
|
|
|
) |
|
|
|
|
'source' => { 'src' => HTTP_PROTOCOLS }, |
|
|
|
|
}, |
|
|
|
|
|
|
|
|
|
add_attributes: { |
|
|
|
|
'iframe' => { 'sandbox' => 'allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox allow-forms' }, |
|
|
|
|
} |
|
|
|
|
) |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|