mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-11-15 06:37:30 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

sanitize html for statuses + instance (#97)

Browse source 
* sanitize html for statuses + instance

* sanitization
This commit is contained in:
Tobi Smethurst 2021-07-13 16:03:51 +02:00 committed by GitHub
commit bdba3ff9a9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 99 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

2
internal/processing/status/create.go
View file

@ -29,7 +29,7 @@ func (p *processor) Create(account *gtsmodel.Account, application *gtsmodel.Appl
Local: true,
AccountID: account.ID,
AccountURI: account.URI,
ContentWarning: form.SpoilerText,
ContentWarning: util.RemoveHTML(form.SpoilerText),
ActivityStreamsType: gtsmodel.ActivityStreamsNote,
Sensitive: form.Sensitive,
Language: form.Language,

6
internal/processing/status/util.go
View file

@ -264,6 +264,10 @@ func (p *processor) processContent(form *apimodel.AdvancedStatusCreateForm, acco
// replace newlines with breaks
content = strings.ReplaceAll(content, "\n", "<br />")
status.Content = content
// sanitize html to remove any dodgy scripts or other disallowed elements
clean := util.SanitizeHTML(content)
// set the content as the shiny clean parsed content
status.Content = clean
return nil
}