commit: a6d4cc8917b67b1b79891b60bfa3f38b8b58fde8
parent: 5a8bb3cb3b0cc7de82bd699d68519593349fee53
Author: kaniini <nenolod@gmail.com>
Date: Tue, 21 Aug 2018 16:56:24 +0000
Merge branch 'sanitize-bio' into 'develop'
mastodon api: sanitize the bio HTML
See merge request pleroma/pleroma!282
Diffstat:
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex
@@ -36,7 +36,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
followers_count: user_info.follower_count,
following_count: user_info.following_count,
statuses_count: user_info.note_count,
- note: user.bio || "",
+ note: HtmlSanitizeEx.basic_html(user.bio) || "",
url: user.ap_id,
avatar: image,
avatar_static: image,
diff --git a/test/web/mastodon_api/account_view_test.exs b/test/web/mastodon_api/account_view_test.exs
@@ -20,6 +20,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
info: %{"note_count" => 5, "follower_count" => 3, "source_data" => source_data},
nickname: "shp@shitposter.club",
name: ":karjalanpiirakka: shp",
+ bio: "<script src=\"invalid-html\"></script><span>valid html</span>",
inserted_at: ~N[2017-08-15 15:47:06.597036]
})
@@ -33,7 +34,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
followers_count: 3,
following_count: 0,
statuses_count: 5,
- note: user.bio,
+ note: "<span>valid html</span>",
url: user.ap_id,
avatar: "http://localhost:4001/images/avi.png",
avatar_static: "http://localhost:4001/images/avi.png",