From 595d855f0ebd88faede51bf3e08384e956465722 Mon Sep 17 00:00:00 2001
From: William Pitcock <nenolod@dereferenced.org>
Date: Thu, 18 Oct 2018 14:29:31 +0000
Subject: [PATCH] html scrubbing policies: restrict img tags to http/https only
 for mediaproxy compatibility

---
 lib/pleroma/html.ex | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex
index 2d2155b82..fdc5e7dab 100644
--- a/lib/pleroma/html.ex
+++ b/lib/pleroma/html.ex
@@ -63,7 +63,8 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do
   @allow_inline_images Keyword.get(@markup, :allow_inline_images)
 
   if @allow_inline_images do
-    Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes)
+    # restrict img tags to http/https only, because of MediaProxy.
+    Meta.allow_tag_with_uri_attributes("img", ["src"], ["http", "https"])
 
     Meta.allow_tag_with_these_attributes("img", [
       "width",
@@ -113,7 +114,8 @@ defmodule Pleroma.HTML.Scrubber.Default do
   @allow_inline_images Keyword.get(@markup, :allow_inline_images)
 
   if @allow_inline_images do
-    Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes)
+    # restrict img tags to http/https only, because of MediaProxy.
+    Meta.allow_tag_with_uri_attributes("img", ["src"], ["http", "https"])
 
     Meta.allow_tag_with_these_attributes("img", [
       "width",