Merge branch 'main' of ssh://code.freedombone.net:2222/bashrc/epicyon into main

2020-11-20 12:45:25 +00:00 · 2020-11-20 12:45:25 +00:00 · 6590b021d8
parent c0ed411c8c 5546f6b4e0
commit 6590b021d8
10 changed files with 146 additions and 79 deletions
--- a/content.py
+++ b/content.py
@ -151,7 +151,7 @@ def htmlReplaceQuoteMarks(content: str) -> str:
    return newContent


-def dangerousMarkup(content: str) -> bool:
+def dangerousMarkup(content: str, allowLocalNetworkAccess: bool) -> bool:
    """Returns true if the given content contains dangerous html markup
    """
    if '<' not in content:
@ -159,7 +159,9 @@ def dangerousMarkup(content: str) -> bool:
    if '>' not in content:
        return False
    contentSections = content.split('<')
-    invalidPartials = ('127.0.', '192.168', '10.0.')
+    invalidPartials = ()
+    if not allowLocalNetworkAccess:
+        invalidPartials = ('127.0.', '192.168', '10.0.')
    invalidStrings = ('script', 'canvas', 'style', 'abbr',
                      'frame', 'iframe', 'html', 'body',
                      'hr')
@ -181,7 +183,7 @@ def dangerousMarkup(content: str) -> bool:
    return False


-def dangerousCSS(filename: str) -> bool:
+def dangerousCSS(filename: str, allowLocalNetworkAccess: bool) -> bool:
    """Returns true is the css file contains code which
    can create security problems
    """
@ -199,7 +201,7 @@ def dangerousCSS(filename: str) -> bool:

        # an attacker can include html inside of the css
        # file as a comment and this may then be run from the html
-        if dangerousMarkup(content):
+        if dangerousMarkup(content, allowLocalNetworkAccess):
            return True
    return False

--- a/daemon.py
+++ b/daemon.py
@ -2066,6 +2066,11 @@ class PubServer(BaseHTTPRequestHandler):
               followingPort == port:
                if debug:
                    print('You cannot follow yourself!')
+            elif (followingNickname == 'news' and
+                  followingDomain == domain and
+                  followingPort == port):
+                if debug:
+                    print('You cannot follow the news actor')
            else:
                if debug:
                    print('Sending follow request from ' +
@ -2822,7 +2827,8 @@ class PubServer(BaseHTTPRequestHandler):
                     baseDir: str, httpPrefix: str,
                     domain: str, domainFull: str,
                     onionDomain: str, i2pDomain: str, debug: bool,
-                     defaultTimeline: str) -> None:
+                     defaultTimeline: str,
+                     allowLocalNetworkAccess: bool) -> None:
        """Updates the left links column of the timeline
        """
        usersPath = path.replace('/linksdata', '')
@ -2917,7 +2923,8 @@ class PubServer(BaseHTTPRequestHandler):
            if nickname == adminNickname:
                if fields.get('editedAbout'):
                    aboutStr = fields['editedAbout']
-                    if not dangerousMarkup(aboutStr):
+                    if not dangerousMarkup(aboutStr,
+                                           allowLocalNetworkAccess):
                        aboutFile = open(aboutFilename, "w+")
                        if aboutFile:
                            aboutFile.write(aboutStr)
@ -2928,7 +2935,8 @@ class PubServer(BaseHTTPRequestHandler):

                if fields.get('editedTOS'):
                    TOSStr = fields['editedTOS']
-                    if not dangerousMarkup(TOSStr):
+                    if not dangerousMarkup(TOSStr,
+                                           allowLocalNetworkAccess):
                        TOSFile = open(TOSFilename, "w+")
                        if TOSFile:
                            TOSFile.write(TOSStr)
@ -3342,7 +3350,7 @@ class PubServer(BaseHTTPRequestHandler):
                       baseDir: str, httpPrefix: str,
                       domain: str, domainFull: str,
                       onionDomain: str, i2pDomain: str,
-                       debug: bool) -> None:
+                       debug: bool, allowLocalNetworkAccess: bool) -> None:
        """Updates your user profile after editing via the Edit button
        on the profile screen
        """
@ -3655,7 +3663,8 @@ class PubServer(BaseHTTPRequestHandler):
                    if fields.get('themeDropdown'):
                        setTheme(baseDir,
                                 fields['themeDropdown'],
-                                 domain)
+                                 domain.
+                                 allowLocalNetworkAccess)
                        self.server.showPublishAsIcon = \
                            getConfigParam(self.server.baseDir,
                                           'showPublishAsIcon')
@ -4014,7 +4023,8 @@ class PubServer(BaseHTTPRequestHandler):
                                              '.etag')
                            currTheme = getTheme(baseDir)
                            if currTheme:
-                                setTheme(baseDir, currTheme, domain)
+                                setTheme(baseDir, currTheme, domain,
+                                         self.server.allowLocalNetworkAccess)
                                self.server.showPublishAsIcon = \
                                    getConfigParam(self.server.baseDir,
                                                   'showPublishAsIcon')
@ -11755,7 +11765,8 @@ class PubServer(BaseHTTPRequestHandler):
                                self.server.domain,
                                self.server.domainFull,
                                self.server.onionDomain,
-                                self.server.i2pDomain, self.server.debug)
+                                self.server.i2pDomain, self.server.debug,
+                                self.server.allowLocalNetworkAccess)
            return

        if authorized and self.path.endswith('/linksdata'):
@ -11765,7 +11776,8 @@ class PubServer(BaseHTTPRequestHandler):
                              self.server.domainFull,
                              self.server.onionDomain,
                              self.server.i2pDomain, self.server.debug,
-                              self.server.defaultTimeline)
+                              self.server.defaultTimeline,
+                              self.server.allowLocalNetworkAccess)
            return

        if authorized and self.path.endswith('/newswiredata'):
@ -12374,7 +12386,8 @@ def loadTokens(baseDir: str, tokensDict: {}, tokensLookup: {}) -> None:
                tokensLookup[token] = nickname


-def runDaemon(maxFeedItemSizeKb: int,
+def runDaemon(allowLocalNetworkAccess: bool,
+              maxFeedItemSizeKb: int,
              publishButtonAtTop: bool,
              rssIconAtTop: bool,
              iconsAsButtons: bool,
@ -12439,6 +12452,10 @@ def runDaemon(maxFeedItemSizeKb: int,
        return False

    httpd.unitTest = unitTest
+    httpd.allowLocalNetworkAccess = allowLocalNetworkAccess
+    if unitTest:
+        # unit tests are run on the local network with LAN addresses
+        httpd.allowLocalNetworkAccess = True
    httpd.YTReplacementDomain = YTReplacementDomain

    # newswire storing rss feeds
@ -12702,7 +12719,8 @@ def runDaemon(maxFeedItemSizeKb: int,
                              httpd.YTReplacementDomain,
                              httpd.showPublishedDateOnly,
                              httpd.allowNewsFollowers,
-                              httpd.maxFollowers), daemon=True)
+                              httpd.maxFollowers,
+                              httpd.allowLocalNetworkAccess), daemon=True)

    print('Creating scheduled post thread')
    httpd.thrPostSchedule = \
--- a/epicyon.py
+++ b/epicyon.py
@ -249,6 +249,13 @@ parser.add_argument("--publishButtonAtTop",
                    const=True, default=False,
                    help="Whether to show the publish button at the top of " +
                    "the newswire column")
+parser.add_argument("--allowLocalNetworkAccess",
+                    dest='allowLocalNetworkAccess',
+                    type=str2bool, nargs='?',
+                    const=True, default=False,
+                    help="Whether to allow access to local network " +
+                    "addresses. This might be useful when deploying in " +
+                    "a mesh network")
 parser.add_argument("--noapproval", type=str2bool, nargs='?',
                    const=True, default=False,
                    help="Allow followers without approval")
@ -2050,6 +2057,11 @@ fullWidthTimelineButtonHeader = \
 if fullWidthTimelineButtonHeader is not None:
    args.fullWidthTimelineButtonHeader = bool(fullWidthTimelineButtonHeader)

+allowLocalNetworkAccess = \
+    getConfigParam(baseDir, 'allowLocalNetworkAccess')
+if allowLocalNetworkAccess is not None:
+    args.allowLocalNetworkAccess = bool(allowLocalNetworkAccess)
+
 YTDomain = getConfigParam(baseDir, 'youtubedomain')
 if YTDomain:
    if '://' in YTDomain:
@ -2059,11 +2071,12 @@ if YTDomain:
    if '.' in YTDomain:
        args.YTReplacementDomain = YTDomain

-if setTheme(baseDir, themeName, domain):
+if setTheme(baseDir, themeName, domain, args.allowLocalNetworkAccess):
    print('Theme set to ' + themeName)

 if __name__ == "__main__":
-    runDaemon(args.maxFeedItemSizeKb,
+    runDaemon(args.allowLocalNetworkAccess,
+              args.maxFeedItemSizeKb,
              args.publishButtonAtTop,
              args.rssIconAtTop,
              args.iconsAsButtons,
--- a/inbox.py
+++ b/inbox.py
@ -1565,7 +1565,8 @@ def estimateNumberOfEmoji(content: str) -> int:


 def validPostContent(baseDir: str, nickname: str, domain: str,
-                     messageJson: {}, maxMentions: int, maxEmoji: int) -> bool:
+                     messageJson: {}, maxMentions: int, maxEmoji: int,
+                     allowLocalNetworkAccess: bool) -> bool:
    """Is the content of a received post valid?
    Check for bad html
    Check for hellthreads
@ -1600,7 +1601,8 @@ def validPostContent(baseDir: str, nickname: str, domain: str,
                  messageJson['object']['content']):
        return True

-    if dangerousMarkup(messageJson['object']['content']):
+    if dangerousMarkup(messageJson['object']['content'],
+                       allowLocalNetworkAccess):
        if messageJson['object'].get('id'):
            print('REJECT ARBITRARY HTML: ' + messageJson['object']['id'])
        print('REJECT ARBITRARY HTML: bad string in post - ' +
@ -2030,7 +2032,8 @@ def inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int,
                      maxReplies: int, allowDeletion: bool,
                      maxMentions: int, maxEmoji: int, translate: {},
                      unitTest: bool, YTReplacementDomain: str,
-                      showPublishedDateOnly: bool) -> bool:
+                      showPublishedDateOnly: bool,
+                      allowLocalNetworkAccess: bool) -> bool:
    """ Anything which needs to be done after initial checks have passed
    """
    actor = keyId
@ -2155,7 +2158,8 @@ def inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int,

    nickname = handle.split('@')[0]
    if validPostContent(baseDir, nickname, domain,
-                        postJsonObject, maxMentions, maxEmoji):
+                        postJsonObject, maxMentions, maxEmoji,
+                        allowLocalNetworkAccess):

        if postJsonObject.get('object'):
            jsonObj = postJsonObject['object']
@ -2438,7 +2442,7 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
                  YTReplacementDomain: str,
                  showPublishedDateOnly: bool,
                  allowNewsFollowers: bool,
-                  maxFollowers: int) -> None:
+                  maxFollowers: int, allowLocalNetworkAccess: bool) -> None:
    """Processes received items and moves them to the appropriate
    directories
    """
@ -2853,7 +2857,8 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
                              maxMentions, maxEmoji,
                              translate, unitTest,
                              YTReplacementDomain,
-                              showPublishedDateOnly)
+                              showPublishedDateOnly,
+                              allowLocalNetworkAccess)
            if debug:
                pprint(queueJson['post'])

--- a/newsdaemon.py
+++ b/newsdaemon.py
@ -469,7 +469,8 @@ def convertRSStoActivityPub(baseDir: str, httpPrefix: str,
                            personCache: {},
                            federationList: [],
                            sendThreads: [], postLog: [],
-                            maxMirroredArticles: int) -> None:
+                            maxMirroredArticles: int,
+                            allowLocalNetworkAccess: bool) -> None:
    """Converts rss items in a newswire into posts
    """
    if not newswire:
@ -512,7 +513,8 @@ def convertRSStoActivityPub(baseDir: str, httpPrefix: str,

        rssTitle = removeControlCharacters(item[0])
        url = item[1]
-        if dangerousMarkup(url) or dangerousMarkup(rssTitle):
+        if dangerousMarkup(url, allowLocalNetworkAccess) or \
+           dangerousMarkup(rssTitle, allowLocalNetworkAccess):
            continue
        rssDescription = ''

@ -537,7 +539,8 @@ def convertRSStoActivityPub(baseDir: str, httpPrefix: str,
                postUrl += '/index.html'

        # add the off-site link to the description
-        if rssDescription and not dangerousMarkup(rssDescription):
+        if rssDescription and \
+           not dangerousMarkup(rssDescription, allowLocalNetworkAccess):
            rssDescription += \
                '<br><a href="' + postUrl + '">' + \
                translate['Read more...'] + '</a>'
@ -743,7 +746,8 @@ def runNewswireDaemon(baseDir: str, httpd,
                                httpd.federationList,
                                httpd.sendThreads,
                                httpd.postLog,
-                                httpd.maxMirroredArticles)
+                                httpd.maxMirroredArticles,
+                                httpd.allowLocalNetworkAccess)
        print('Newswire feed converted to ActivityPub')

        if httpd.maxNewsPosts > 0:
--- a/person.py
+++ b/person.py
@ -234,9 +234,6 @@ def createPersonBase(baseDir: str, nickname: str, domain: str, port: int,
        approveFollowers = True
        personType = 'Application'
    elif nickname == 'news':
-        # shared inbox
-        inboxStr = httpPrefix + '://' + domain + '/actor/news'
-        personId = httpPrefix + '://' + domain + '/actor'
        personUrl = httpPrefix + '://' + domain + \
            '/about/more?news_actor=true'
        personName = originalDomain
--- a/tests.py
+++ b/tests.py
@ -291,8 +291,10 @@ def createServerAlice(path: str, domain: str, port: int,
    maxEmoji = 10
    onionDomain = None
    i2pDomain = None
+    allowLocalNetworkAccess = True
    print('Server running: Alice')
-    runDaemon(2048, False, True, False, False, True, 10, False,
+    runDaemon(allowLocalNetworkAccess,
+              2048, False, True, False, False, True, 10, False,
              0, 100, 1024, 5, False,
              0, False, 1, False, False, False,
              5, True, True, 'en', __version__,
@ -356,8 +358,10 @@ def createServerBob(path: str, domain: str, port: int,
    maxEmoji = 10
    onionDomain = None
    i2pDomain = None
+    allowLocalNetworkAccess = True
    print('Server running: Bob')
-    runDaemon(2048, False, True, False, False, True, 10, False,
+    runDaemon(allowLocalNetworkAccess,
+              2048, False, True, False, False, True, 10, False,
              0, 100, 1024, 5, False, 0,
              False, 1, False, False, False,
              5, True, True, 'en', __version__,
@ -395,8 +399,10 @@ def createServerEve(path: str, domain: str, port: int, federationList: [],
    maxEmoji = 10
    onionDomain = None
    i2pDomain = None
+    allowLocalNetworkAccess = True
    print('Server running: Eve')
-    runDaemon(2048, False, True, False, False, True, 10, False,
+    runDaemon(allowLocalNetworkAccess,
+              2048, False, True, False, False, True, 10, False,
              0, 100, 1024, 5, False, 0,
              False, 1, False, False, False,
              5, True, True, 'en', __version__,
@ -1941,58 +1947,59 @@ def testRemoveHtml():

 def testDangerousMarkup():
    print('testDangerousMarkup')
+    allowLocalNetworkAccess = False
    content = '<p>This is a valid message</p>'
-    assert(not dangerousMarkup(content))
+    assert(not dangerousMarkup(content, allowLocalNetworkAccess))

    content = 'This is a valid message without markup'
-    assert(not dangerousMarkup(content))
+    assert(not dangerousMarkup(content, allowLocalNetworkAccess))

    content = '<p>This is a valid-looking message. But wait... ' + \
        '<script>document.getElementById("concentrated")' + \
        '.innerHTML = "evil";</script></p>'
-    assert(dangerousMarkup(content))
+    assert(dangerousMarkup(content, allowLocalNetworkAccess))

    content = '<p>This html contains more than you expected... ' + \
        '<script language="javascript">document.getElementById("abc")' + \
        '.innerHTML = "def";</script></p>'
-    assert(dangerousMarkup(content))
+    assert(dangerousMarkup(content, allowLocalNetworkAccess))

    content = '<p>This is a valid-looking message. But wait... ' + \
        '<script src="https://evilsite/payload.js" /></p>'
-    assert(dangerousMarkup(content))
+    assert(dangerousMarkup(content, allowLocalNetworkAccess))

    content = '<p>This message embeds an evil frame.' + \
        '<iframe src="somesite"></iframe></p>'
-    assert(dangerousMarkup(content))
+    assert(dangerousMarkup(content, allowLocalNetworkAccess))

    content = '<p>This message tries to obfuscate an evil frame.' + \
        '<  iframe     src = "somesite"></    iframe  ></p>'
-    assert(dangerousMarkup(content))
+    assert(dangerousMarkup(content, allowLocalNetworkAccess))

    content = '<p>This message is not necessarily evil, but annoying.' + \
        '<hr><br><br><br><br><br><br><br><hr><hr></p>'
-    assert(dangerousMarkup(content))
+    assert(dangerousMarkup(content, allowLocalNetworkAccess))

    content = '<p>This message contans a ' + \
        '<a href="https://validsite/index.html">valid link.</a></p>'
-    assert(not dangerousMarkup(content))
+    assert(not dangerousMarkup(content, allowLocalNetworkAccess))

    content = '<p>This message contans a ' + \
        '<a href="https://validsite/iframe.html">' + \
        'valid link having invalid but harmless name.</a></p>'
-    assert(not dangerousMarkup(content))
+    assert(not dangerousMarkup(content, allowLocalNetworkAccess))

    content = '<p>This message which <a href="127.0.0.1:8736">' + \
        'tries to access the local network</a></p>'
-    assert(dangerousMarkup(content))
+    assert(dangerousMarkup(content, allowLocalNetworkAccess))

    content = '<p>This message which <a href="http://192.168.5.10:7235">' + \
        'tries to access the local network</a></p>'
-    assert(dangerousMarkup(content))
+    assert(dangerousMarkup(content, allowLocalNetworkAccess))

    content = '<p>127.0.0.1 This message which does not access ' + \
        'the local network</a></p>'
-    assert(not dangerousMarkup(content))
+    assert(not dangerousMarkup(content, allowLocalNetworkAccess))


 def runHtmlReplaceQuoteMarks():
--- a/theme.py
+++ b/theme.py
@ -183,7 +183,8 @@ def setCSSparam(css: str, param: str, value: str) -> str:


 def setThemeFromDict(baseDir: str, name: str,
-                     themeParams: {}, bgParams: {}) -> None:
+                     themeParams: {}, bgParams: {},
+                     allowLocalNetworkAccess: bool) -> None:
    """Uses a dictionary to set a theme
    """
    if name:
@ -198,7 +199,7 @@ def setThemeFromDict(baseDir: str, name: str,

        # Ensure that any custom CSS is mostly harmless.
        # If not then just use the defaults
-        if dangerousCSS(templateFilename) or \
+        if dangerousCSS(templateFilename, allowLocalNetworkAccess) or \
           not os.path.isfile(templateFilename):
            # use default css
            templateFilename = baseDir + '/epicyon-' + filename
@ -355,7 +356,8 @@ def setCustomFont(baseDir: str):


 def readVariablesFile(baseDir: str, themeName: str,
-                      variablesFile: str) -> None:
+                      variablesFile: str,
+                      allowLocalNetworkAccess: bool) -> None:
    """Reads variables from a file in the theme directory
    """
    themeParams = loadJson(variablesFile, 0)
@ -367,10 +369,11 @@ def readVariablesFile(baseDir: str, themeName: str,
        "options": "jpg",
        "search": "jpg"
    }
-    setThemeFromDict(baseDir, themeName, themeParams, bgParams)
+    setThemeFromDict(baseDir, themeName, themeParams, bgParams,
+                     allowLocalNetworkAccess)


-def setThemeDefault(baseDir: str):
+def setThemeDefault(baseDir: str, allowLocalNetworkAccess: bool):
    name = 'default'
    removeTheme(baseDir)
    setThemeInConfig(baseDir, name)
@ -390,10 +393,11 @@ def setThemeDefault(baseDir: str):
        "banner-height-mobile": "10vh",
        "search-banner-height-mobile": "15vh"
    }
-    setThemeFromDict(baseDir, name, themeParams, bgParams)
+    setThemeFromDict(baseDir, name, themeParams, bgParams,
+                     allowLocalNetworkAccess)


-def setThemeHighVis(baseDir: str):
+def setThemeHighVis(baseDir: str, allowLocalNetworkAccess: bool):
    name = 'highvis'
    themeParams = {
        "newswire-publish-icon": True,
@ -422,7 +426,8 @@ def setThemeHighVis(baseDir: str):
        "options": "jpg",
        "search": "jpg"
    }
-    setThemeFromDict(baseDir, name, themeParams, bgParams)
+    setThemeFromDict(baseDir, name, themeParams, bgParams,
+                     allowLocalNetworkAccess)


 def setThemeFonts(baseDir: str, themeName: str) -> None:
@ -578,7 +583,8 @@ def setNewsAvatar(baseDir: str, name: str,
             nickname + '@' + domain + '/avatar.png')


-def setTheme(baseDir: str, name: str, domain: str) -> bool:
+def setTheme(baseDir: str, name: str, domain: str,
+             allowLocalNetworkAccess: bool) -> bool:
    result = False

    prevThemeName = getTheme(baseDir)
@ -589,7 +595,8 @@ def setTheme(baseDir: str, name: str, domain: str) -> bool:
        themeNameLower = themeName.lower()
        if name == themeNameLower:
            try:
-                globals()['setTheme' + themeName](baseDir)
+                globals()['setTheme' + themeName](baseDir,
+                                                  allowLocalNetworkAccess)
            except BaseException:
                pass

@ -608,17 +615,19 @@ def setTheme(baseDir: str, name: str, domain: str) -> bool:

    variablesFile = baseDir + '/theme/' + name + '/theme.json'
    if os.path.isfile(variablesFile):
-        readVariablesFile(baseDir, name, variablesFile)
+        readVariablesFile(baseDir, name, variablesFile,
+                          allowLocalNetworkAccess)

    setCustomFont(baseDir)

    # set the news avatar
    newsAvatarThemeFilename = \
        baseDir + '/theme/' + name + '/icons/avatar_news.png'
-    if os.path.isfile(newsAvatarThemeFilename):
-        newsAvatarFilename = \
-            baseDir + '/accounts/news@' + domain + '/avatar.png'
-        copyfile(newsAvatarThemeFilename, newsAvatarFilename)
+    if os.path.isdir(baseDir + '/accounts/news@' + domain):
+        if os.path.isfile(newsAvatarThemeFilename):
+            newsAvatarFilename = \
+                baseDir + '/accounts/news@' + domain + '/avatar.png'
+            copyfile(newsAvatarThemeFilename, newsAvatarFilename)

    grayscaleFilename = baseDir + '/accounts/.grayscale'
    if os.path.isfile(grayscaleFilename):
--- a/webapp_post.py
+++ b/webapp_post.py
@ -265,6 +265,7 @@ def individualPostAsHtml(allowDownloads: bool,
        if timeDiff > 100:
            print('TIMING INDIV ' + boxName + ' 7 = ' + str(timeDiff))

+    avatarLink = ''
    if '/users/news/' not in avatarUrl:
        avatarLink = '        <a class="imageAnchor" href="' + postActor + '">'
        avatarLink += \
--- a/webapp_profile.py
+++ b/webapp_profile.py
@ -225,25 +225,36 @@ def htmlProfileAfterSearch(cssCache: {},
                                    profileDescriptionShort,
                                    avatarUrl, imageUrl)

-    profileStr += '<div class="container">\n'
-    profileStr += '  <form method="POST" action="' + \
-        backUrl + '/followconfirm">\n'
-    profileStr += '    <center>\n'
-    profileStr += \
-        '      <input type="hidden" name="actor" value="' + \
-        personUrl + '">\n'
-    # profileStr += \
-    #     '      <a href="' + backUrl + '"><button class="button">' + \
-    #     translate['Go Back'] + '</button></a>\n'
-    profileStr += \
-        '      <button type="submit" class="button" name="submitYes">' + \
-        translate['Follow'] + '</button>\n'
-    profileStr += \
-        '      <button type="submit" class="button" name="submitView">' + \
-        translate['View'] + '</button>\n'
-    profileStr += '    </center>\n'
-    profileStr += '  </form>\n'
-    profileStr += '</div>\n'
+    domainFull = domain
+    if port:
+        if port != 80 and port != 443:
+            domainFull = domain + ':' + str(port)
+
+    followIsPermitted = True
+    if searchNickname == 'news' and searchDomainFull == domainFull:
+        # currently the news actor is not something you can follow
+        followIsPermitted = False
+    elif searchNickname == nickname and searchDomainFull == domainFull:
+        # don't follow yourself!
+        followIsPermitted = False
+
+    if followIsPermitted:
+        profileStr += '<div class="container">\n'
+        profileStr += '  <form method="POST" action="' + \
+            backUrl + '/followconfirm">\n'
+        profileStr += '    <center>\n'
+        profileStr += \
+            '      <input type="hidden" name="actor" value="' + \
+            personUrl + '">\n'
+        profileStr += \
+            '      <button type="submit" class="button" name="submitYes">' + \
+            translate['Follow'] + '</button>\n'
+        profileStr += \
+            '      <button type="submit" class="button" name="submitView">' + \
+            translate['View'] + '</button>\n'
+        profileStr += '    </center>\n'
+        profileStr += '  </form>\n'
+        profileStr += '</div>\n'

    iconsPath = getIconsWebPath(baseDir)
    i = 0