laxer HTML sanitisation for admin-controlled text - fixes #447
What does this PR do? Allows images and styled links in admin-controlled HTML (instance description, rules). We can allow more things later if needed, in a single place.
I have intentionally not changed the sanitiser used in packages/backend/src/server/api/endpoints/users/report-abuse.ts
because that one deals with HTML sent by random users, so we should trust it less.
Also I have not touched packages/frontend/src/components/MkAutocomplete.vue
because that's just cleaning up emoji names.
Contribution Guidelines By submitting this merge request, you agree to follow our Contribution Guidelines
-
I agree to follow this project's Contribution Guidelines -
I have made sure to test this pull request
Merge request reports
Activity
Filter activity
Please register or sign in to reply