From 8feec8d390f34114c5f42faf366f899a2b4af9fb Mon Sep 17 00:00:00 2001
From: Roger Braun
Date: Sun, 18 Jun 2017 13:40:35 +0200
Subject: [PATCH] Strip unsafe html on output in TwAPI.
---
 .../web/twitter_api/representers/activity_representer.ex | 2 +-
 .../twitter_api/representers/activity_representer_test.exs | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/pleroma/web/twitter_api/representers/activity_representer.ex b/lib/pleroma/web/twitter_api/representers/activity_representer.ex
index ade200268..6f22e45fa 100644
--- a/lib/pleroma/web/twitter_api/representers/activity_representer.ex
+++ b/lib/pleroma/web/twitter_api/representers/activity_representer.ex
@@ -105,7 +105,7 @@ def to_map(%Activity{data: %{"object" => %{"content" => content} = object}} = ac
 "id" => activity.id,
 "user" => UserRepresenter.to_map(user, opts),
 "attentions" => [],
- "statusnet_html" => content,
+ "statusnet_html" => HtmlSanitizeEx.basic_html(content),
 "text" => HtmlSanitizeEx.strip_tags(content),
 "is_local" => true,
 "is_post_verb" => true,
diff --git a/test/web/twitter_api/representers/activity_representer_test.exs b/test/web/twitter_api/representers/activity_representer_test.exs
index dce6025c4..022595b91 100644
--- a/test/web/twitter_api/representers/activity_representer_test.exs
+++ b/test/web/twitter_api/representers/activity_representer_test.exs
@@ -67,7 +67,7 @@ test "an activity" do
 }
 }
- content_html = "Some #content #mentioning @shp"
+ content_html = "Some #content #mentioning @shp"
 content = HtmlSanitizeEx.strip_tags(content_html)
 date = DateTime.from_naive!(~N[2016-05-24 13:26:08.003], "Etc/UTC") |> DateTime.to_iso8601
@@ -108,7 +108,7 @@ test "an activity" do
 "user" => UserRepresenter.to_map(user, %{for: follower}),
 "is_local" => true,
 "attentions" => [],
- "statusnet_html" => content_html <> "
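Review bot: The scrubbing added on the `+ "statusnet_html"` line covers only this one `to_map/2` clause, so any other clause or representer that emits the stored `content` from the `object` map matched in the hunk header still returns it unsanitised; `to_map/2` starts and ends outside the hunk, so I cannot see from here whether such clauses exist. Output-time sanitisation is the right place for this field, but it has to be repeated at every render site, so scrubbing at ingestion as well would give defence in depth. A short why-comment would keep the two adjacent calls from reading as redundant, e.g. `# content may originate from remote actors: reduce to a safe tag subset for HTML, strip entirely for plain text`. Whether `HtmlSanitizeEx.basic_html/1` also restricts the URL schemes allowed on links is not visible on this page and is worth confirming against the library version in use.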
\n#nsfw",
+ "statusnet_html" => HtmlSanitizeEx.basic_html(content_html) <> "
\n#nsfw",
 "text" => content <> "\n#nsfw",
 "is_post_verb" => true,
 "created_at" => "Tue May 24 13:26:08 +0000 2016",
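Review bot: The expected `statusnet_html` on the `+` line is computed with `HtmlSanitizeEx.basic_html(content_html)`, the very call the representer now makes, so the assertion passes whatever the scrubber does and never pins that unsafe markup is actually removed. Spell the expected sanitised string out as a literal, or add a separate assertion that the rendered `statusnet_html` no longer contains the unsafe element from the fixture, so that a regression in the scrubber or a change to its allowlist fails the test. The `content_html` fixture line in the preceding hunk reads identically on its `-` and `+` sides as rendered here, which suggests the markup it is meant to carry was lost in extraction; it is worth checking that the fixture really contains an element `basic_html/1` strips. The `test "an activity"` block starts and ends outside the hunk.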