* Tighten allowed HTML in oEmbed-based preview cards * Sanitize preview cards at render time * Add `sandbox` attribute to preview card iframes
		
			
				
	
	
		
# frozen_string_literal: true

# REST API serializer for preview cards. The `image` and `html` attributes are
# overridden below; every other attribute is read from the serialized object.
class REST::PreviewCardSerializer < ActiveModel::Serializer
  include RoutingHelper

  attributes :url, :title, :description, :type, :author_name,
             :author_url, :provider_name, :provider_url, :html,
             :width, :height, :image, :embed_url, :blurhash

  # URL of the card's :original image style, passed through full_asset_url.
  #
  # @return the value of full_asset_url, or nil when the card has no image
  def image
    return unless object.image?

    original_url = object.image.url(:original)
    full_asset_url(original_url)
  end

  # Card HTML, filtered on every serialization rather than trusted as-is.
  #
  # Sanitizing at output time means the markup is run through the
  # MASTODON_OEMBED config no matter how or when it reached the record, so a
  # later tightening of that config also applies to existing cards.
  # NOTE(review): the allowlist itself lives in Sanitize::Config::MASTODON_OEMBED,
  # which is not visible here; this method is only as strict as that config.
  #
  # @return the fragment returned by Sanitize.fragment
  def html
    card_markup = object.html
    Sanitize.fragment(card_markup, Sanitize::Config::MASTODON_OEMBED)
  end
end