Exclude code from markup, unless it is a git patch

2021-09-19 10:03:19 +01:00 · 2021-09-19 10:03:19 +01:00 · 418897b7ce
parent 443c9599bf
commit 418897b7ce
2 changed files with 2 additions and 1 deletions
--- a/inbox.py
+++ b/inbox.py
@ -1870,6 +1870,7 @@ def _validPostContent(baseDir: str, nickname: str, domain: str,
            print('WARN: invalid content warning ' + summary)
            return False

+    # check for patches before dangeousMarkup, which excludes code
    if isGitPatch(baseDir, nickname, domain,
                  messageJson['object']['type'],
                  summary,
--- a/utils.py
+++ b/utils.py
@ -859,7 +859,7 @@ def dangerousMarkup(content: str, allowLocalNetworkAccess: bool) -> bool:
    """
    separators = [['<', '>'], ['&lt;', '&gt;']]
    invalidStrings = [
-        'script', 'noscript',
+        'script', 'noscript', 'code',
        'canvas', 'style', 'abbr',
        'frame', 'iframe', 'html', 'body',
        'hr', 'allow-popups', 'allow-scripts'