sanitize html for statuses + instance (#97)

* sanitize html for statuses + instance * sanitization
2025-11-01 00:42:25 -05:00 · 2021-07-13 16:03:51 +02:00 · 2021-07-13 16:03:51 +02:00 · bdba3ff9a9
commit bdba3ff9a9
parent 846057f0d6
12 changed files with 99 additions and 36 deletions
--- a/internal/processing/media/update.go
+++ b/internal/processing/media/update.go
@ -26,6 +26,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/util"
 )

 func (p *processor) Update(account *gtsmodel.Account, mediaAttachmentID string, form *apimodel.AttachmentUpdateRequest) (*apimodel.Attachment, gtserror.WithCode) {
@ -43,7 +44,7 @@ func (p *processor) Update(account *gtsmodel.Account, mediaAttachmentID string,
 	}

 	if form.Description != nil {
-		attachment.Description = *form.Description
+		attachment.Description = util.RemoveHTML(*form.Description)
 		if err := p.db.UpdateByID(mediaAttachmentID, attachment); err != nil {
 			return nil, gtserror.NewErrorInternalError(fmt.Errorf("database error updating description: %s", err))
 		}