mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-10-31 22:32:25 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

sanitize html for statuses + instance (#97)

Browse source 
* sanitize html for statuses + instance

* sanitization
This commit is contained in:
Tobi Smethurst 2021-07-13 16:03:51 +02:00 committed by GitHub
commit bdba3ff9a9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 99 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

6
internal/processing/account/update.go
View file

@ -50,7 +50,8 @@ func (p *processor) Update(account *gtsmodel.Account, form *apimodel.UpdateCrede
if err := util.ValidateDisplayName(*form.DisplayName); err != nil {
return nil, err
}
if err := p.db.UpdateOneByID(account.ID, "display_name", *form.DisplayName, &gtsmodel.Account{}); err != nil {
displayName := util.RemoveHTML(*form.DisplayName) // no html allowed in display name
if err := p.db.UpdateOneByID(account.ID, "display_name", displayName, &gtsmodel.Account{}); err != nil {
return nil, err
}
}
@ -59,7 +60,8 @@ func (p *processor) Update(account *gtsmodel.Account, form *apimodel.UpdateCrede
if err := util.ValidateNote(*form.Note); err != nil {
return nil, err
}
if err := p.db.UpdateOneByID(account.ID, "note", *form.Note, &gtsmodel.Account{}); err != nil {
note := util.SanitizeHTML(*form.Note) // html OK in note but sanitize it
if err := p.db.UpdateOneByID(account.ID, "note", note, &gtsmodel.Account{}); err != nil {
return nil, err
}
}