Commit Graph

56 Commits

Author SHA1 Message Date
David Taylor 5238f6788c
FEATURE: Allow hotlinked media to be blocked (#16940)
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`.

`download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later.

This implementation is purely server-side, and does not impact the composer preview.

Technically, there are two stages to this feature:

1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute

2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 15:23:04 +01:00
Osama Sayegh eddb8891c4
FIX: Clear inline onebox cache when a post is rebaked (#16871)
Meta topic: https://meta.discourse.org/t/prevent-to-linkify-when-there-is-a-redirect/226964/4?u=osama.
2022-05-20 14:09:50 +03:00
Bianca Nenciu cbaf7c949b
FIX: Make sure max_oneboxes_per_post is enforced (#16215)
PostAnalyzer and CookedPostProcessor both replace URLs with oneboxes.
PostAnalyzer did not use the max_oneboxes_per_post site and setting and
CookedPostProcessor replaced at most max_oneboxes_per_post URLs ignoring
the oneboxes that were replaced already by PostAnalyzer.
2022-03-23 17:36:08 +02:00
Bianca Nenciu e4e2c7c66f
FIX: Improve anchor links (#12683)
* FIX: Use theme color for anchor icon

* FIX: Do not count anchor links

* FIX: Do not count hashtags links either

* DEV: Add tests for link_count

* FIX: Disable anchors in quotes and preview

* FIX: Try building some anchor slugs for unicode

* DEV: Fix tests
2021-04-14 10:27:07 +03:00
jbrw 3593e582a3
FIX - limit number of embedded media items in a post (#10391)
* FIX - limit number of embedded media items in a post

* Add renamed settings to DeprecatedSettings
2020-08-07 12:08:59 -04:00
Krzysztof Kotlarek e0d9232259
FIX: use allowlist and blocklist terminology (#10209)
This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 10:23:54 +10:00
Régis Hanol 7109d94ee7 FIX: properly invalidate inline oneboxes when rebaking
When rebaking a post we were invalidating _regular_ oneboxes but not inline oneboxes.

DEV: also renamed 'InlineOneboxer.purge' to 'InlineOneboxer.invalidate' to keep
the API consistent with 'Oneboxer.invalidate'
2020-06-24 11:54:54 +02:00
Krzysztof Kotlarek 9bff0882c3
FEATURE: Nokogumbo (#9577)
* FEATURE: Nokogumbo

Use Nokogumbo HTML parser.
2020-05-05 13:46:57 +10:00
Jarek Radosz 6cfd16656f
FIX: Ignore group mentions inside quotes (#8905)
Also includes:
* DEV: Reuse found elements
2020-02-10 18:31:42 +01:00
Krzysztof Kotlarek 427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Bianca Nenciu 0d22beb81d
FIX: Improve Onebox detection (#8019)
Follow-up to 7c83d2eeb2.
2019-09-10 13:59:48 +03:00
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Gerhard Schlager a7bc1ecbae FEATURE: Add support for Unicode usernames and group names
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2019-04-23 13:00:27 +02:00
Guo Xiang Tan 529e4018f0 DEV: Avoid using `send` and make the method public instead. 2018-09-13 16:34:32 +08:00
Régis Hanol de92913bf4 FIX: store the topic links using the cooked upload url 2018-08-14 12:23:32 +02:00
Robin Ward fd54c92a52 FEATURE: New site setting, whitelisted_link_domains
If provided, users who normally couldn't post links (say, due to a
low trust level), can post links to those specific hosts.
2018-06-13 16:11:22 -04:00
Guo Xiang Tan ad5082d969 Make rubocop happy again. 2018-06-07 13:28:18 +08:00
Robin Ward 31d0998506 FIX: Don't allow links with no href 2018-03-28 12:32:16 -04:00
Robin Ward c74d10cf34 FIX: Consider live links in `<code>` as links when counting 2018-03-06 11:46:12 -05:00
Robin Ward 5c40ae9e63 FIX: Links in quotes should be counted for rate limits 2018-02-20 20:42:01 -05:00
Sam f028ffaf29 SECURITY: correct local onebox category checks
Also removes ugly "source_topic_id" from cooked posts

Patch was authored by @zogstrip

Signed-off-by: Sam <sam.saffron@gmail.com>
2018-02-14 10:40:46 +11:00
Robin Ward 5466389f4e FIX: Consider oneboxes links wrt to `min_trust_level_to_post_links` 2018-02-08 18:27:40 -05:00
Gerhard Schlager 9207dee69a FEATURE: escape HTML when cooking plaintext emails 2017-11-15 20:22:11 +01:00
Gerhard Schlager 4205c1ad2b FIX: postprocessing ignored cook method 2017-10-20 10:26:45 +02:00
Darren Lee 90dd1609eb FIX: memoization in PostAnalyzer.raw_mentions (#5172)
Due to a missing 's' when assigning the computed value to @raw_mentions, the raw_mentions function in PostAnalyzer would never retrieve a memoized value.
2017-09-11 20:01:24 +02:00
Guo Xiang Tan 0531ef2e20 Fix calling `exists?` on Arrays. 2017-08-24 09:56:07 +09:00
Guo Xiang Tan 91d3929f52 Merge pull request #5078 from lelelelemon/master
change count>0 to exists
2017-08-24 09:24:42 +09:00
junwen yang 8124f26a6e change count>0 to exists 2017-08-23 22:54:51 +00:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Robin Ward 45a257815a Convert front end paths from `/users/` to `/u/` 2017-03-30 10:23:24 -04:00
Régis Hanol 06469ef0ce FIX: don't extract links from .elided parts 2016-12-05 15:19:15 +01:00
Robin Ward 0396b14b70
FEATURE: New "First Onebox" badge 2016-04-12 15:31:14 -04:00
Sam Saffron 12b5821d79 add missing class 2016-02-24 19:09:18 +11:00
Sam 833af461ab FIX: stop using regex to detect mentions 2016-02-24 17:47:55 +11:00
Régis Hanol 96aa5b865f FIX: mentions regex server-side (ie. don't count email addresses) 2016-01-12 09:53:09 +01:00
Régis Hanol f654528aa4 FIX: user/group/category mention dialects with less strict matchers 2016-01-06 18:47:21 +01:00
Sam 57870b970d correct hack and move to oneboxer 2015-09-25 20:14:53 +10:00
Régis Hanol 80f258e51c FIX: don't count mentions in oneboxes 2015-06-24 11:44:58 +02:00
Sam 948617cb0b FIX: ruby 2.2 using new parsing library which is way too lax 2015-03-18 16:25:24 +11:00
Akshay 6301a43d57 Not initializing variable for looping if unused in loop 2014-08-15 03:24:55 +05:30
Robin Ward 9c48f8f154 FIX: Don't surround `<aside>` with `<p>` as that is malformed HTML. 2014-06-30 18:11:22 -04:00
Sam 00a46253ae BUGFIX: Don't resolve oneboxes when cooking
Defer to post save job
2014-03-18 15:22:53 +11:00
Régis Hanol f25bcc5067 couple of bugfixes identified while importing from VB 2014-03-07 10:44:04 +01:00
Robin Ward e453bfa073 Work in progress: Swap out onebox code for onebox gem 2014-01-29 14:14:07 -05:00
Régis Hanol 82dd9009e3 4% speedup on our test suite 2013-10-17 18:47:08 +02:00
Robin Ward 15cad17810 FIX: Nokogiri bugs in certain environments 2013-10-16 12:19:59 -04:00
Robin Ward 7f69a58439 Replace Markdown parser. 2013-08-21 10:10:57 -04:00
Sam f4d833da27 fix onebox exception, if oneboxes fail on save we log a warning to the log 2013-08-20 11:38:10 +10:00
Régis Hanol ed9417fa3b enable thumbnailing on S3
- added url to optimized image model
- refactored s3_store & local_store
2013-07-31 23:26:34 +02:00
Ryan Boland 553a671fdb fix mentions in code blocks 2013-07-30 18:01:42 -04:00