diff --git a/app/javascript/styles/mastodon/rich_text.scss b/app/javascript/styles/mastodon/rich_text.scss
index 334ba98425..0ed2378192 100644
--- a/app/javascript/styles/mastodon/rich_text.scss
+++ b/app/javascript/styles/mastodon/rich_text.scss
@@ -91,6 +91,13 @@
sup {
vertical-align: super;
}
+
+}
+
+.status__content__text {
+ a.kmy-dangerous-link {
+ color: red !important;
+ }
}
.reply-indicator__content {
diff --git a/app/lib/text_formatter.rb b/app/lib/text_formatter.rb
index 39a0c060fd..980e783ff9 100644
--- a/app/lib/text_formatter.rb
+++ b/app/lib/text_formatter.rb
@@ -44,7 +44,6 @@ class TextFormatter
end
# line first letter for blockquote
- p 'DEBUG ' + html.gsub(/^gt;/, '>')
html = markdownify(html.gsub(/^>/, '>'))
# html = simple_format(html, {}, sanitize: false).delete("\n") if multiline?
diff --git a/lib/sanitize_ext/sanitize_config.rb b/lib/sanitize_ext/sanitize_config.rb
index 9cc500c36e..e976dbc9f4 100644
--- a/lib/sanitize_ext/sanitize_config.rb
+++ b/lib/sanitize_ext/sanitize_config.rb
@@ -50,6 +50,26 @@ class Sanitize
current_node.replace(Nokogiri::XML::Text.new(current_node.text, current_node.document)) unless LINK_PROTOCOLS.include?(scheme)
end
+ PHISHING_SCAM_HREF_TRANSFORMER = lambda do |env|
+ return unless env[:node_name] == 'a'
+
+ current_node = env[:node]
+ href = current_node['href']
+ text = current_node.text
+ cls = current_node['class'] || ''
+
+ scheme = if current_node['href'] =~ Sanitize::REGEX_PROTOCOL
+ Regexp.last_match(1).downcase
+ else
+ :relative
+ end
+
+ if LINK_PROTOCOLS.include?(scheme) && href != text
+ current_node['class'] = cls + ' kmy-dangerous-link'
+ current_node.before(Nokogiri::XML::Text.new('⚠', current_node.document))
+ end
+ end
+
UNSUPPORTED_ELEMENTS_TRANSFORMER = lambda do |env|
return unless %w(h1 h2 h3 h4 h5 h6).include?(env[:node_name])
@@ -82,6 +102,7 @@ class Sanitize
CLASS_WHITELIST_TRANSFORMER,
UNSUPPORTED_ELEMENTS_TRANSFORMER,
UNSUPPORTED_HREF_TRANSFORMER,
+ PHISHING_SCAM_HREF_TRANSFORMER,
]
)