From 84a6d0c498a4f5bec03235777afe730b43d96622 Mon Sep 17 00:00:00 2001
From: Thomas Sileo
Date: Sun, 18 Aug 2019 15:36:59 +0200
Subject: [PATCH] Tweak HTML sanitization and media proxy
---
app.py | 8 +++++++-
utils/template_filters.py | 2 +-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/app.py b/app.py
index 8ccddef..ea8c904 100644
--- a/app.py
+++ b/app.py
@@ -254,7 +254,13 @@ def proxy(scheme: str, url: str) -> Any:
for chunk in resp.raw.stream(decode_content=False):
yield chunk
- return Response(data(), headers=dict(resp.raw.headers))
+ resp_headers = {
+ k: v
+ for k, v in dict(resp.raw.headers).items()
+ if k.lower()
+ in ["content-type", "etag", "cache-control", "expires", "date", "last-modified"]
+ }
+ return Response(data(), headers=resp_headers)
@app.route("/media/")
diff --git a/utils/template_filters.py b/utils/template_filters.py
index 72d2c71..0eb3c7d 100644
--- a/utils/template_filters.py
+++ b/utils/template_filters.py
@@ -93,7 +93,7 @@ ALLOWED_TAGS = [
def clean_html(html):
try:
- return bleach.clean(html, tags=ALLOWED_TAGS)
+ return bleach.clean(html, tags=ALLOWED_TAGS, strip=True)
except Exception:
return ""
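Review bot: The new `resp_headers` allow-list drops `content-encoding`, yet the generator just above it still streams with `decode_content=False`, so if the upstream compresses the body the client receives gzip/deflate bytes with no header describing them. Either add `"content-encoding"` to the list or stream with `decode_content=True`. Also, `content-type` is forwarded verbatim on a response served from this app's own origin; unless the part of `proxy` outside this hunk already restricts the upstream type, add `resp_headers["X-Content-Type-Options"] = "nosniff"` and consider refusing types a browser would render as a document, such as `text/html`. `proxy` begins above the hunk, so the request side was not reviewed.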
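Review bot: `clean_html` has no docstring, and with `strip=True` its contract changes from escaping disallowed markup to removing it, which callers that render the result should be able to read off the function. I would add `"""Sanitize untrusted HTML: tags outside ALLOWED_TAGS are removed (their text content is kept); returns "" if sanitization fails."""`. The surrounding `except Exception: return ""` fails closed, which is the safe direction, but it also hides sanitizer errors; a `logger.exception(...)` call in that branch would make them visible, assuming the module has a logger, which this hunk does not show.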