diff options
| author |  tobi <tobi.smethurst@protonmail.com> | 2025-06-30 12:56:50 +0200 |
|---|---|---|
| committer |  kim <gruf@noreply.codeberg.org> | 2025-06-30 12:56:50 +0200 |
| commit | 5fbaf5b7bec6f59bb868dd8b76a90c1bbd2986b5 (patch) | |
| tree | 5003d30e1152d491840ef0a3ef7c2e2b69257742 /internal/text/sanitize.go | |
| parent | [bugfix] fix issues with postgres array serialization (#4295) (diff) | |
| download | gotosocial-5fbaf5b7bec6f59bb868dd8b76a90c1bbd2986b5.tar.xz | |
[feature] Allow anchor href to work for footnotes, use ID prefix to avoid clashes (#4298)
Updates markdown parser + sanitizer to allow footnote anchors to work properly, with appropriate roles. Footnote anchor IDs and backrefs use the status ID as a prefix to avoid clashes, so that footnotes don't break when multiple footnoted statuses are rendered on the same page (eg., in a thread or on the account's home page).
closes https://codeberg.org/superseriousbusiness/gotosocial/issues/4296
Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4298
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
Co-committed-by: tobi <tobi.smethurst@protonmail.com>
Diffstat (limited to 'internal/text/sanitize.go')
| -rw-r--r-- | internal/text/sanitize.go | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/internal/text/sanitize.go b/internal/text/sanitize.go index 29e1df1d8..87f039f31 100644 --- a/internal/text/sanitize.go +++ b/internal/text/sanitize.go @@ -124,17 +124,28 @@ var regular *bluemonday.Policy = func() *bluemonday.Policy { */ // Permit hyperlinks. - p.AllowAttrs("class", "href", "rel").OnElements("a") + p.AllowAttrs("class", "rel").OnElements("a") + + // Permit footnote roles on anchor elements. + p.AllowAttrs("role").Matching(regexp.MustCompile("^doc-noteref$")).OnElements("a") + p.AllowAttrs("role").Matching(regexp.MustCompile("^doc-backlink$")).OnElements("a") // URLs must be parseable by net/url.Parse(). p.RequireParseableURLs(true) - // Most common URL schemes only. + // Relative URLs are OK as we + // need fragments for footnotes. + p.AllowRelativeURLs(true) + + // However *only* allow common schemes, and also + // relative URLs beginning with "#", ie., fragments. + // We don't want URL's like "../../peepee.html". p.AllowURLSchemes("mailto", "http", "https") + p.AllowAttrs("href").Matching(regexp.MustCompile("^(?:#|mailto|https://|http://).+$")).OnElements("a") // Force rel="noreferrer". // See: https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/rel/noreferrer - p.RequireNoReferrerOnLinks(true) + p.RequireNoReferrerOnFullyQualifiedLinks(true) // Add rel="nofollow" on all fully qualified (not relative) links. // See: https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/rel#nofollow |