From 1f1b72a11f193a84ab67fa103e2b20fd7a3157f3 Mon Sep 17 00:00:00 2001
From: Sam Therapy
Date: Sat, 26 Nov 2022 18:07:28 +0100
Subject: [PATCH] fix some XSS maybe

Signed-off-by: Sam Therapy
---
 priv/scrubbers/default.ex | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/priv/scrubbers/default.ex b/priv/scrubbers/default.ex
index 79fa6dcdf..0e861fcac 100644
--- a/priv/scrubbers/default.ex
+++ b/priv/scrubbers/default.ex
@@ -71,10 +71,11 @@ defmodule Pleroma.HTML.Scrubber.Default do
 # restrict img tags to http/https only, because of MediaProxy.
 Meta.allow_tag_with_uri_attributes(:img, ["src"], ["http", "https"])
 
+ Meta.allow_tag_with_this_attribute_values(:img, ["class"], ["emoji"])
+
 Meta.allow_tag_with_these_attributes(:img, [
 "width",
 "height",
- "class",
 "title",
 "alt"
 ])
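Review bot: The added `allow_tag_with_this_attribute_values` call passes the attribute name as a one-element list (`["class"]`), the shape used by the list-taking `allow_tag_with_these_attributes` right below it; if this macro matches the attribute name literally against the parsed attribute name (a string), which I would expect but cannot confirm from the hunk, the generated clause never matches and `class` is stripped from every `<img>`, custom emoji included. Arbitrary class values would presumably still be rejected in that case, because `"class"` is removed from the generic list, but the emoji allowance would silently do nothing. After checking the macro's signature I would write it as `Meta.allow_tag_with_this_attribute_values(:img, "class", ["emoji"])`, and add a scrubber test asserting that `class="emoji"` survives on an img while any other class value is dropped. The module body starts before and continues past this hunk, so other uses of the macro in the file are not visible here.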