Tweak HTML sanitization and media proxy

2019-08-18 15:36:59 +02:00 · 2019-08-18 15:36:59 +02:00 · 84a6d0c498
commit 84a6d0c498
parent 77720b61af
2 changed files with 8 additions and 2 deletions
--- a/app.py
+++ b/app.py
@ -254,7 +254,13 @@ def proxy(scheme: str, url: str) -> Any:
        for chunk in resp.raw.stream(decode_content=False):
            yield chunk

-    return Response(data(), headers=dict(resp.raw.headers))
+    resp_headers = {
+        k: v
+        for k, v in dict(resp.raw.headers).items()
+        if k.lower()
+        in ["content-type", "etag", "cache-control", "expires", "date", "last-modified"]
+    }
+    return Response(data(), headers=resp_headers)


@app.route("/media/<media_id>")
--- a/utils/template_filters.py
+++ b/utils/template_filters.py
@ -93,7 +93,7 @@ ALLOWED_TAGS = [

 def clean_html(html):
    try:
-        return bleach.clean(html, tags=ALLOWED_TAGS)
+        return bleach.clean(html, tags=ALLOWED_TAGS, strip=True)
    except Exception:
        return ""