Skip to content
Snippets Groups Projects

laxer HTML sanitisation for admin-controlled text - fixes #447

Merged dakkar requested to merge feature/less-aggressive-html-sanitisation-447 into develop

What does this PR do? Allows images and styled links in admin-controlled HTML (instance description, rules). We can allow more things later if needed, in a single place.

I have intentionally not changed the sanitiser used in packages/backend/src/server/api/endpoints/users/report-abuse.ts because that one deals with HTML sent by random users, so we should trust it less.

Also I have not touched packages/frontend/src/components/MkAutocomplete.vue because that's just cleaning up emoji names.

Contribution Guidelines By submitting this merge request, you agree to follow our Contribution Guidelines

  • I agree to follow this project's Contribution Guidelines
  • I have made sure to test this pull request

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
Please register or sign in to reply
Loading