Extend external media checks

2025-06-05 21:59:27 +02:00 · 2024-01-24 19:14:40 +02:00
parent 9f81ea3c1f
commit 4985afd816
2 changed files with 37 additions and 6 deletions
--- a/public/index.html
+++ b/public/index.html
@@ -3420,9 +3420,9 @@
                                        <span class="fa-solid fa-circle-question note-link-span"></span>
                                    </a>
                                </label>
-                                <label class="checkbox_label" for="forbid_external_images" title="Disalow embedded images from other domains in chat messages.">
+                                <label class="checkbox_label" for="forbid_external_images" title="Disalow embedded media from other domains in chat messages.">
                                    <input id="forbid_external_images" type="checkbox" />
-                                    <span data-i18n="Forbid External Images">Forbid External Images</span>
+                                    <span data-i18n="Forbid External Media">Forbid External Media</span>
                                </label>
                                <label data-newbie-hidden class="checkbox_label" for="allow_name2_display">
                                    <input id="allow_name2_display" type="checkbox" />
--- a/public/script.js
+++ b/public/script.js
@@ -301,17 +301,48 @@ DOMPurify.addHook('uponSanitizeElement', (node, _, config) => {
        return;
    }
    if (!power_user.forbid_external_images) {
        return;
    }
    switch (node.tagName) {
        case 'AUDIO':
        case 'VIDEO':
        case 'SOURCE':
        case 'TRACK':
        case 'EMBED':
        case 'OBJECT':
        case 'IMG': {
            const isExternalUrl = (url) => (url.indexOf('://') > 0 || url.indexOf('//') === 0) && !url.startsWith(window.location.origin);
            const src = node.getAttribute('src');
            const data = node.getAttribute('data');
            const srcset = node.getAttribute('srcset');
-            if (power_user.forbid_external_images && isExternalUrl(src)) {
+            if (srcset) {
-                console.warn('External image blocked', src);
+                const srcsetUrls = srcset.split(',');
                for (const srcsetUrl of srcsetUrls) {
                    const [url] = srcsetUrl.trim().split(' ');
                    if (isExternalUrl(url)) {
                        console.warn('External media blocked', url);
                        node.remove();
                        break;
                    }
                }
            }
            if (src && isExternalUrl(src)) {
                console.warn('External media blocked', src);
                node.remove();
            }
            if (data && isExternalUrl(data)) {
                console.warn('External media blocked', data);
                node.remove();
            }
        }
-        break;
+            break;
    }
 });
@@ -1586,7 +1617,7 @@ function messageFormatting(mes, ch_name, isSystem, isUser) {
    } else if (!isSystem) {
        // Save double quotes in tags as a special character to prevent them from being encoded
        if (!power_user.encode_tags) {
-            mes = mes.replace(/<([^>]+)>/g, function(_, contents){
+            mes = mes.replace(/<([^>]+)>/g, function (_, contents) {
                return '<' + contents.replace(/"/g, '\ufffe') + '>';
            });
        }