Remove images from remote posts

To prevent tracking.
2022-10-12 23:21:54 +00:00 · 2022-10-12 23:21:54 +00:00 · c95e983a3d
commit c95e983a3d
parent 07941a94d6
1 changed files with 11 additions and 2 deletions
--- a/src/utils/html.rs
+++ b/src/utils/html.rs
@ -6,6 +6,8 @@ use ammonia::Builder;
 pub fn clean_html(unsafe_html: &str) -> String {
    let safe_html = Builder::default()
        .add_generic_attributes(&["class"])
+        // Remove src from external images to prevent tracking
+        .set_tag_attribute_value("img", "src", "")
        // Always add rel="noopener"
        .link_rel(Some("noopener"))
        .clean(unsafe_html)
@ -40,9 +42,16 @@ mod tests {

    #[test]
    fn test_clean_html() {
-        let unsafe_html = r#"<p><span class="h-card"><a href="https://example.com/user" class="u-url mention" rel="ugc">@<span>user</span></a></span> test</p>"#;
+        let unsafe_html = concat!(
+            r#"<p><span class="h-card"><a href="https://example.com/user" class="u-url mention" rel="ugc">@<span>user</span></a></span> test</p>"#,
+            r#"<p><img src="https://example.com/image.png"></p>"#,
+        );
+        let expected_safe_html = concat!(
+            r#"<p><span class="h-card"><a href="https://example.com/user" class="u-url mention" rel="noopener">@<span>user</span></a></span> test</p>"#,
+            r#"<p><img src=""></p>"#,
+        );
        let safe_html = clean_html(unsafe_html);
-        assert_eq!(safe_html, r#"<p><span class="h-card"><a href="https://example.com/user" class="u-url mention" rel="noopener">@<span>user</span></a></span> test</p>"#);
+        assert_eq!(safe_html, expected_safe_html);
    }

    #[test]