mirror of
https://github.com/discourse/discourse.git
synced 2025-02-25 18:55:32 -06:00
5238f6788c
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`. `download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later. This implementation is purely server-side, and does not impact the composer preview. Technically, there are two stages to this feature: 1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute 2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media. |
||
|---|---|---|
| .. | ||
| common | ||
| desktop | ||
| mobile | ||
| vendor | ||
| admin.scss | ||
| color_definitions.scss | ||
| common.scss | ||
| desktop_rtl.scss | ||
| desktop.scss | ||
| embed.scss | ||
| ember_cli.scss | ||
| mobile_rtl.scss | ||
| mobile.scss | ||
| publish_desktop_rtl.scss | ||
| publish_desktop.scss | ||
| publish_mobile_rtl.scss | ||
| publish_mobile.scss | ||
| publish.scss | ||
| test_helper.scss | ||
| testem.scss | ||
| wcag.scss | ||
| wizard.scss | ||