From 3c6b1d6ab76f05fad7fccd86df4fd403c44599a6 Mon Sep 17 00:00:00 2001
From: ghost
Date: Fri, 8 Dec 2023 20:06:47 +0200
Subject: [PATCH] allow markdown from whitelist only
---
 templates/default/torrent/info.html.twig | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/templates/default/torrent/info.html.twig b/templates/default/torrent/info.html.twig
index a7aadd9..2877ae7 100644
--- a/templates/default/torrent/info.html.twig
+++ b/templates/default/torrent/info.html.twig
@@ -238,9 +238,8 @@
 {{ 'Source' | trans }}
- {# disable markdown as unsafe for unfiltered content #}
- {#{{ file.source | url_to_markdown | markdown_to_html }}#}
- {{ file.source }}
+ {# strip all tags then apply whitelist markdown filters to prevent ping from remote #}
+ {{ file.source | striptags | markdown_to_html | striptags | url_to_markdown | markdown_to_html }}
 {% endif %}
@@ -250,9 +249,8 @@
 {{ 'Software' | trans }}
- {# disable markdown as unsafe for unfiltered content #}
- {#{{ file.software | url_to_markdown | markdown_to_html }}#}
- {{ file.software }}
+ {# strip all tags then apply whitelist markdown filters to prevent ping from remote #}
+ {{ file.software | striptags | markdown_to_html | striptags | url_to_markdown | markdown_to_html }}
 {% endif %}
@@ -262,9 +260,8 @@
 {{ 'Comment' | trans }}
- {# disable markdown as unsafe for unfiltered content #}
- {#{{ file.comment | url_to_markdown | markdown_to_html }}#}
- {{ file.comment }}
+ {# strip all tags then apply whitelist markdown filters to prevent ping from remote #}
+ {{ file.comment | striptags | markdown_to_html | striptags | url_to_markdown | markdown_to_html }}
 {% endif %}
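Review bot: The final `markdown_to_html` on the new `file.source` line parses text that the first pass has already decoded, so markdown the first pass emits as literal characters (escaped syntax, code-span content) survives the second `striptags` and is rendered as live markdown, images and links included; the same chain is used for `file.software` and `file.comment` in the two hunks below. That would defeat the stated goal of preventing remote pings from these fields, which presumably carry uploader-controlled torrent metadata, unless `markdown_to_html` is already configured to drop images and restrict link schemes, which the diff does not show. I would enforce the whitelist in the converter configuration (no raw HTML, no images, http/https links only) and render once, `{{ file.source | striptags | url_to_markdown | markdown_to_html }}`, or escape the text and linkify URLs without a markdown parser at all. The enclosing `{% if %}` blocks open outside the hunks, and `url_to_markdown` is a project filter whose output escaping should be confirmed as well.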