Commit Graph

9 Commits

Author SHA1 Message Date
Dan Brown
59bbf504cf Content filtering: Added srcset protocol filter
Upstream libraries used did not specifically treat values in srcset as
URIs like other attributes, so this adds a simple filter for possible
bad values.
Updated tests to cover.

Thanks for Gurmandeep Deol for reporting.
2026-06-30 18:35:34 +01:00
Dan Brown
81f77a95de Content Filtering: Limited file protocol to just anchor hrefs
Updated allow list/purifier system to only allow file protocol use on
anchor hrefs to avoid potential security concerns with, after export,
content being auto loaded via interactive elements like
embeds/objects/videos etc...

Updated tests to cover.
Thanks to Gurmandeep Deol at Seneca Polytechnic for reporting.
2026-06-06 15:30:57 +01:00
Dan Brown
7aef0a48b3 Content: Updated filters to allow some required attributes
- Allows target attribute on links.
- Allows custom mention attribute on links.

Adds test case to cover these.
For #6034
2026-02-23 08:08:44 +00:00
Dan Brown
a8d96fd389 Content filter: Allowed custom diagram attribute in allow-list
For #6026
2026-02-18 19:33:35 +00:00
Dan Brown
9646339933 Testing: Addressed failing tests and static checks 2026-02-17 11:31:47 +00:00
Dan Brown
5d547fcf4c Deps: Updated PHP packages
Also fixed test namespace
2026-02-17 09:44:56 +00:00
Dan Brown
50e8501027 Content Filter: Added extra object filtering
Was blocked by CSP anyway, but best to have an extra layer.
2026-02-16 13:02:24 +00:00
Dan Brown
8a221f64e4 Content Filtering: Covered new config options and filters with tests 2026-02-16 10:11:48 +00:00
Dan Brown
035be66ebc Content: Updated tests and CSP usage of content script setting
Updates CSP to use new content_filtering option.
Splits out content filtering tests to their own class.
Updated tests where needed to adapt to changes.
2026-02-15 18:44:14 +00:00