discourse/app/assets/stylesheets
David Taylor 5238f6788c
FEATURE: Allow hotlinked media to be blocked (#16940)
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`.

`download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later.

This implementation is purely server-side, and does not impact the composer preview.

Technically, there are two stages to this feature:

1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute

2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 15:23:04 +01:00
..
common FEATURE: Allow hotlinked media to be blocked (#16940) 2022-06-07 15:23:04 +01:00
desktop UX: Fix status icon size in suggested topics (#16845) 2022-05-16 15:53:40 -04:00
mobile FIX: auto margins cause too-narrow content (#16725) 2022-05-12 08:13:53 +08:00
vendor FIX: uses tippy for popover (#15409) 2022-05-02 17:10:26 +02:00
admin.scss Sane sendAction() behavior 2015-09-11 09:34:20 -07:00
color_definitions.scss UX: update hljs-builtin-name highlight (#16859) 2022-05-18 15:55:40 +02:00
common.scss FEATURE: user status (#16875) 2022-05-27 13:15:14 +04:00
desktop_rtl.scss FEATURE: support user local switching to RTL correctly 2015-05-20 15:56:54 +10:00
desktop.scss DEV: Added support for custom site setting 'emoji_list' (#12414) 2021-04-07 15:32:05 +02:00
embed.scss DEV: Refactor font and category background importers (#12312) 2021-03-10 11:05:56 -05:00
ember_cli.scss DEV: Require Ember CLI to be used in development mode (#12738) 2021-04-29 14:13:36 -04:00
mobile_rtl.scss FEATURE: support user local switching to RTL correctly 2015-05-20 15:56:54 +10:00
mobile.scss DEV: Refactor font and category background importers (#12312) 2021-03-10 11:05:56 -05:00
publish_desktop_rtl.scss FEATURE: adds support for mobile view on page publishing (#10662) 2020-09-13 13:50:23 +02:00
publish_desktop.scss FEATURE: adds support for mobile view on page publishing (#10662) 2020-09-13 13:50:23 +02:00
publish_mobile_rtl.scss FEATURE: adds support for mobile view on page publishing (#10662) 2020-09-13 13:50:23 +02:00
publish_mobile.scss FEATURE: adds support for mobile view on page publishing (#10662) 2020-09-13 13:50:23 +02:00
publish.scss DEV: Remove SCSS color vars fallbacks (#13035) 2021-05-12 08:56:15 -04:00
test_helper.scss FEATURE: Allow theme tests to be run in production (take 2) (#12845) 2021-04-28 23:12:08 +03:00
testem.scss DEV: Add colors/styling to Ember CLI and qunit tests (#12617) 2021-04-06 11:48:44 -04:00
wcag.scss UX: Fix hover state for flat buttons in WCAG schemes (#16601) 2022-05-03 08:48:58 +10:00
wizard.scss FIX: Align progress text (#15856) 2022-02-07 18:18:17 -06:00