mirror of
https://github.com/discourse/discourse.git
synced 2025-02-25 18:55:32 -06:00
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`. `download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later. This implementation is purely server-side, and does not impact the composer preview. Technically, there are two stages to this feature: 1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute 2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media. |
||
---|---|---|
.. | ||
common | ||
desktop | ||
mobile | ||
vendor | ||
admin.scss | ||
color_definitions.scss | ||
common.scss | ||
desktop_rtl.scss | ||
desktop.scss | ||
embed.scss | ||
ember_cli.scss | ||
mobile_rtl.scss | ||
mobile.scss | ||
publish_desktop_rtl.scss | ||
publish_desktop.scss | ||
publish_mobile_rtl.scss | ||
publish_mobile.scss | ||
publish.scss | ||
test_helper.scss | ||
testem.scss | ||
wcag.scss | ||
wizard.scss |