From 446f07aa806aa2547321ba9692dfd01c960c8244 Mon Sep 17 00:00:00 2001
From: Mint <>
Date: Sat, 26 Nov 2022 22:17:11 +0300
Subject: [PATCH] Make funny out-of-bounds images configurable

---
 config/config.exs         |  1 +
 priv/scrubbers/default.ex | 24 +++++++++++++++++-------
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/config/config.exs b/config/config.exs
index f6036379e..0493b0ce8 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -297,6 +297,7 @@ config :pleroma, :markup,
   allow_headings: false,
   allow_tables: false,
   allow_fonts: false,
+  allow_custom_classes: false,
   scrub_policy: [
     Pleroma.HTML.Scrubber.Default,
     Pleroma.HTML.Transform.MediaProxy
diff --git a/priv/scrubbers/default.ex b/priv/scrubbers/default.ex
index 2699d2884..c7233e816 100644
--- a/priv/scrubbers/default.ex
+++ b/priv/scrubbers/default.ex
@@ -76,14 +76,24 @@ defmodule Pleroma.HTML.Scrubber.Default do
     # restrict img tags to http/https only, because of MediaProxy.
     Meta.allow_tag_with_uri_attributes(:img, ["src"], ["http", "https"])
 
-    Meta.allow_tag_with_this_attribute_values(:img, ["class"], ["emoji"])
+    if Pleroma.Config.get([:markup, :allow_custom_classes]) do
+      Meta.allow_tag_with_this_attribute_values(:img, ["class"], ["emoji"])
 
-    Meta.allow_tag_with_these_attributes(:img, [
-      "width",
-      "height",
-      "title",
-      "alt"
-    ])
+      Meta.allow_tag_with_these_attributes(:img, [
+        "width",
+        "height",
+        "title",
+        "alt"
+      ])
+    else
+      Meta.allow_tag_with_these_attributes(:img, [
+        "width",
+        "height",
+        "class",
+        "title",
+        "alt"
+      ])
+    end
   end
 
   if Pleroma.Config.get([:markup, :allow_tables]) do