From 84a6d0c498a4f5bec03235777afe730b43d96622 Mon Sep 17 00:00:00 2001
From: Thomas Sileo <t@a4.io>
Date: Sun, 18 Aug 2019 15:36:59 +0200
Subject: [PATCH] Tweak HTML sanitization and media proxy

---
 app.py                    | 8 +++++++-
 utils/template_filters.py | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/app.py b/app.py
index 8ccddef..ea8c904 100644
--- a/app.py
+++ b/app.py
@@ -254,7 +254,13 @@ def proxy(scheme: str, url: str) -> Any:
         for chunk in resp.raw.stream(decode_content=False):
             yield chunk
 
-    return Response(data(), headers=dict(resp.raw.headers))
+    resp_headers = {
+        k: v
+        for k, v in dict(resp.raw.headers).items()
+        if k.lower()
+        in ["content-type", "etag", "cache-control", "expires", "date", "last-modified"]
+    }
+    return Response(data(), headers=resp_headers)
 
 
 @app.route("/media/<media_id>")
diff --git a/utils/template_filters.py b/utils/template_filters.py
index 72d2c71..0eb3c7d 100644
--- a/utils/template_filters.py
+++ b/utils/template_filters.py
@@ -93,7 +93,7 @@ ALLOWED_TAGS = [
 
 def clean_html(html):
     try:
-        return bleach.clean(html, tags=ALLOWED_TAGS)
+        return bleach.clean(html, tags=ALLOWED_TAGS, strip=True)
     except Exception:
         return ""