prosody-modules
1c62edeb9147
mod_xhtmlim/mod_xhtmlim.lua
Software / code / prosody-modules
File
mod_xhtmlim/mod_xhtmlim.lua @ 6305:1c62edeb9147
mod_pastebin: Update Readme
diff --git a/mod_pastebin/README.md b/mod_pastebin/README.md
--- a/mod_pastebin/README.md
+++ b/mod_pastebin/README.md
@@ -37,12 +37,14 @@ For example:
Pastes will be available by default at
`http://<your-prosody>:5280/pastebin/` by default.
-In Prosody 0.9 and later this can be changed with [HTTP
-settings](https://prosody.im/doc/http).
+Ports and path can be changed with [HTTP
+settings](https://prosody.im/doc/http), for example like:
-In 0.8 and older this can be changed with `pastebin_ports` (see below),
-or you can forward another external URL from your web server to Prosody,
-use `pastebin_url` to set that URL.
+``` {.lua}
+ http_paths = {
+ pastebin = "/$host-paste";
+ }
+```
# Discovery
@@ -82,27 +84,16 @@ The line and character tresholds are adv
pastebin_line_threshold The maximum number of lines a message may have before it is sent to the pastebin. (default 4 lines)
pastebin_trigger A string of characters (e.g. "!paste ") which if detected at the start of a message, always sends the message to the pastebin, regardless of length. (default: not set)
pastebin_expire_after Number of hours after which to expire (remove) a paste, defaults to 24. Set to 0 to store pastes permanently on disk.
- pastebin_ports List of ports to run the HTTP server on, same format as mod_httpserver's http_ports[^1]
- pastebin_url Base URL to display for pastebin links, must end with / and redirect to Prosody's built-in HTTP server[^2]
# Compatibility
- ------ -------
- trunk Works
+ ------ ---------------------
+ trunk Works as of 25-06-13
+ 13 Works
0.12 Works
- 0.11 Works
- 0.10 Works
- 0.9 Works
- 0.8 Works
- ------ -------
+ ------ ---------------------
# Todo
- Maximum paste length
- Web interface to submit pastes?
-
-[^1]: As of Prosody 0.9, `pastebin_ports` is replaced by `http_ports`,
- see [Prosody HTTP server documentation](https://prosody.im/doc/http)
-
-[^2]: See also
- [http_external_url](https://prosody.im/doc/http#external_url)
| author | Menel <menel@snikket.de> |
|---|---|
| date | Fri, 13 Jun 2025 11:39:58 +0200 |
| parent | 3699:1f68287138e3 |
line wrap: on
line source
-- XEP-0071: XHTML-IM sanitizing local assert = assert; local st = require "util.stanza"; local url = require "socket.url"; local no_styles = module:get_option_boolean("strip_xhtml_style", true); -- Tables from XEP-0071 local xeptables = [[ <body/> class, id, title; style <head/> profile <html/> version <title/> <abbr/> class, id, title; style <acronym/> class, id, title; style <address/> class, id, title; style <blockquote/> class, id, title; style; cite <br/> class, id, title; style <cite/> class, id, title; style <code/> class, id, title; style <dfn/> class, id, title; style <div/> class, id, title; style <em/> class, id, title; style <h1/> class, id, title; style <h2/> class, id, title; style <h3/> class, id, title; style <h4/> class, id, title; style <h5/> class, id, title; style <h6/> class, id, title; style <kbd/> class, id, title; style <p/> class, id, title; style <pre/> class, id, title; style <q/> class, id, title; style; cite <samp/> class, id, title; style <span/> class, id, title; style <strong/> class, id, title; style <var/> class, id, title; style <a/> class, id, title; style; accesskey, charset, href, hreflang, rel, rev, tabindex, type <dl/> class, id, title; style <dt/> class, id, title; style <dd/> class, id, title; style <ol/> class, id, title; style <ul/> class, id, title; style <li/> class, id, title; style <img/> class, id, title; style; alt, height, longdesc, src, width ]]; -- map of whitelisted tag names to set of allowed attributes local tags = {}; -- { string : { string : boolean } } for tag, attrs in xeptables:gmatch("<(%w+)/>([^\n]*)") do tags[tag] = { xmlns = true, ["xml:lang"] = true }; for attr in attrs:gmatch("%w+") do tags[tag][attr] = true; end if no_styles then tags[tag]["style"] = nil; end end -- module:log("debug", "tags = %s;", require "util.serialization".serialize(tags)); -- TODO Decide if disallowed tags should be bounced or silently discarded. -- XEP says "ignore" and replace tag with text content, but that would -- need a different transform which can't use `maptags`. if not module:get_option_boolean("bounce_invalid_xhtml", false) then assert = function (x) return x end end local function sanitize_xhtml(tag) -- module:log("debug", "sanitize_xhtml(<{%s}%s>)", tag.attr.xmlns, tag.name); if tag.attr.xmlns == "http://www.w3.org/1999/xhtml" then local allowed = assert(tags[tag.name], tag.name); if allowed then for attr, value in pairs(tag.attr) do if not allowed[attr] then -- module:log("debug", "Removing disallowed attribute %q from <%s>", attr, tag.name); tag.attr[attr] = nil; elseif attr == "src" or attr == "href" then local urlattr = url.parse(value); local scheme = urlattr and urlattr.scheme; if scheme ~= "http" and scheme ~= "https" and scheme ~= "mailto" and scheme ~= "xmpp" and scheme ~= "cid" then tag.attr[attr] = "https://url.was.invalid/"; end end end else tag.name = "span" tag.attr = { xmlns = "http://www.w3.org/1999/xhtml" } end -- Check child tags tag:maptags(sanitize_xhtml); -- This tag is clean! return tag; end -- Not xhtml, probably best to discard it return nil; end -- Check for xhtml-im, sanitize if exists local function message_handler(event) local stanza = event.stanza; if stanza:get_child("html", "http://jabber.org/protocol/xhtml-im") then stanza = st.clone(stanza); if pcall(function() -- try stanza:get_child("html", "http://jabber.org/protocol/xhtml-im"):maptags(sanitize_xhtml); end) then event.stanza = stanza; else -- catch if stanza.attr.type ~= "error" then event.origin.send(st.error_reply(stanza, "modify", "not-acceptable", "Stanza contained illegal XHTML-IM tag")); end return true; end end end -- Stanzas received from clients module:hook("pre-message/bare", message_handler, 71); module:hook("pre-message/full", message_handler, 71); module:hook("pre-message/host", message_handler, 71); -- Stanzas about to be delivered to clients module:hook("message/bare", message_handler, 71); module:hook("message/full", message_handler, 71);
