laxer HTML sanitisation for admin-controlled text - fixes #447 (!454) · Merge requests · TransFem.org / Sharkey

What does this PR do? Allows images and styled links in admin-controlled HTML (instance description, rules). We can allow more things later if needed, in a single place.

I have intentionally not changed the sanitiser used in packages/backend/src/server/api/endpoints/users/report-abuse.ts because that one deals with HTML sent by random users, so we should trust it less.

Also I have not touched packages/frontend/src/components/MkAutocomplete.vue because that's just cleaning up emoji names.

Contribution Guidelines By submitting this merge request, you agree to follow our Contribution Guidelines

I agree to follow this project's Contribution Guidelines
I have made sure to test this pull request

laxer HTML sanitisation for admin-controlled text - fixes #447

Merge request reports