mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-12-13 21:07:27 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

[bugfix] Fix HTML escaping in instance title (#607)

Browse source 
* move caption sanitization -> sanitize.go

* use sanitizeplaintext rather than removehtml

* rename sanitizecaption to sanitizeplaintext

* avoid removing html twice from statuses

* unexport remoteHTML
it's no longer used outside the text package so this
makes it less confusing

* test instance PATCH
This commit is contained in:
tobi 2022-05-26 11:37:13 +02:00 committed by GitHub
commit 5668ce1ec7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 381 additions and 151 deletions
Download patch file Download diff file Expand all files Collapse all files

2
internal/processing/instance.go
View file

@ -65,7 +65,7 @@ func (p *processor) InstancePatch(ctx context.Context, form *apimodel.InstanceSe
if err := validate.SiteTitle(*form.Title); err != nil {
return nil, gtserror.NewErrorBadRequest(err, fmt.Sprintf("site title invalid: %s", err))
}
i.Title = text.RemoveHTML(*form.Title) // don't allow html in site title
i.Title = text.SanitizePlaintext(*form.Title) // don't allow html in site title
}
// validate & update site contact account if it's set on the form