diff --git a/app/lib/text_formatter.rb b/app/lib/text_formatter.rb
index 243e89289125de..0404cbaced8f85 100644
--- a/app/lib/text_formatter.rb
+++ b/app/lib/text_formatter.rb
@@ -79,7 +79,7 @@ def link_to_url(entity)
cutoff = url[prefix.length..-1].length > 30
<<~HTML.squish
- #{h(prefix)}#{h(display_url)}#{h(suffix)}
+ #{h(prefix)}#{h(display_url)}#{h(suffix)}
HTML
rescue Addressable::URI::InvalidURIError, IDN::Idna::IdnaError
h(entity[:url])
@@ -122,7 +122,7 @@ def link_to_mention(entity)
display_username = same_username_hits&.positive? || with_domains? ? account.pretty_acct : account.username
<<~HTML.squish
- @#{h(display_username)}
+ @#{h(display_username)}
HTML
end
diff --git a/lib/sanitize_ext/sanitize_config.rb b/lib/sanitize_ext/sanitize_config.rb
index 9cc500c36e9df9..bcd89af67a68b1 100644
--- a/lib/sanitize_ext/sanitize_config.rb
+++ b/lib/sanitize_ext/sanitize_config.rb
@@ -36,6 +36,11 @@ module Config
node['class'] = class_list.join(' ')
end
+ TRANSLATE_TRANSFORMER = lambda do |env|
+ node = env[:node]
+ node.remove_attribute('translate') unless node['translate'] == 'no'
+ end
+
UNSUPPORTED_HREF_TRANSFORMER = lambda do |env|
return unless env[:node_name] == 'a'
@@ -63,8 +68,8 @@ module Config
elements: %w(p br span a del pre blockquote code b strong u i em ul ol li),
attributes: {
- 'a' => %w(href rel class),
- 'span' => %w(class),
+ 'a' => %w(href rel class translate),
+ 'span' => %w(class translate),
'ol' => %w(start reversed),
'li' => %w(value),
},
@@ -80,6 +85,7 @@ module Config
transformers: [
CLASS_WHITELIST_TRANSFORMER,
+ TRANSLATE_TRANSFORMER,
UNSUPPORTED_ELEMENTS_TRANSFORMER,
UNSUPPORTED_HREF_TRANSFORMER,
]
diff --git a/spec/lib/sanitize_config_spec.rb b/spec/lib/sanitize_config_spec.rb
index a01122bed0e18b..550ad1c52b0643 100644
--- a/spec/lib/sanitize_config_spec.rb
+++ b/spec/lib/sanitize_config_spec.rb
@@ -38,6 +38,14 @@
expect(Sanitize.fragment('Test', subject)).to eq 'Test'
end
+ it 'keeps a with translate="no"' do
+ expect(Sanitize.fragment('Test', subject)).to eq 'Test'
+ end
+
+ it 'removes "translate" attribute with invalid value' do
+ expect(Sanitize.fragment('Test', subject)).to eq 'Test'
+ end
+
it 'removes a with unparsable href' do
expect(Sanitize.fragment('Test', subject)).to eq 'Test'
end