Alex Gleason (npub108p…yev6) Caleb James DeLisle (npub1mh5…233h) i've sorta disagreed with the "you can upload anything!!!" nature of attachments on pleroma/related software, and really wanted a MIME type filter MRF to strip attachments matching a blacklist (or even safer, only allow attachments matching a whitelist) when the evil SVG debacle happened some time ago.
for now it's easy to just cheat at the web server level with
location ~* (\.svg$|\.js$|\.mjs$|\.cjs$|\.html$|\.xhtml$|\.htm$) {
deny all;
return 403;
}
7666 /
npub1ur…ae6hx
2023-09-07 19:28:35
in reply to nevent1q…tyet
Author Public Key
npub1ur37c57f062f2ngrw546s4xhjm7wq8c4rfmy3warq338cytq9m4qqae6hxPublished at
2023-09-07 19:28:35Event JSON
{
"id": "b1a1075c0e25414e7f946faaf1f875d8fba4947429b947f034f94a8dda4658e5",
"pubkey": "e0e3ec53c97e94954d03752ba854d796fce01f151a7648bba304627c11602eea",
"created_at": 1694114915,
"kind": 1,
"tags": [
[
"p",
"79c2cae114ea28a981e7559b4fe7854a473521a8d22a66bbab9fa248eb820ff6",
"wss://relay.mostr.pub"
],
[
"p",
"dde9dd6efbaf3c747c06bfd60f732666acd686e4c2eff471937f0c7c5fca5e0e",
"wss://relay.mostr.pub"
],
[
"e",
"ce154fe3103d2543b6042209f8743651651a03e82d938e95479f581e7cd9fb85",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://comp.lain.la/objects/e9080a5e-7e39-49b0-8869-c38367d95d5f",
"activitypub"
]
],
"content": "nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6 nostr:npub1mh5a6mhm4u78glqxhltq7uexv6kddphycthlguvn0ux8ch72tc8q6q233h i've sorta disagreed with the \"you can upload anything!!!\" nature of attachments on pleroma/related software, and really wanted a MIME type filter MRF to strip attachments matching a blacklist (or even safer, only allow attachments matching a whitelist) when the evil SVG debacle happened some time ago.\n\nfor now it's easy to just cheat at the web server level with\n\nlocation ~* (\\.svg$|\\.js$|\\.mjs$|\\.cjs$|\\.html$|\\.xhtml$|\\.htm$) {\n deny all;\n return 403;\n}",
"sig": "3ae17a6e55150971b478a589355d3b7c8adf6d548e4bd8c6df5c736059698108f4521652a6c7788e2a1e9e1387b953e89a8153a31ea4d085b3c5eb17c5d6739e"
}