Sanitize HTML in ReportView

Closes #990
author: rinpatch <rinpatch@sdf.org> 2019-06-16 01:30:32 +0300
committer: rinpatch <rinpatch@sdf.org> 2019-06-16 01:30:32 +0300
commit: 641bcaa44e47a83bb7730e39b2f6b9d16251b40e (patch)
tree: ec6541a3dfd7bd35918b2bd8a8e1e66e3f781ffe
parent: e943905bd7e256555a66b54d956013aa499d08d6 (diff)
download: pleroma-641bcaa44e47a83bb7730e39b2f6b9d16251b40e.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/pleroma/web/admin_api/views/report_view.ex b/lib/pleroma/web/admin_api/views/report_view.ex
index 47a73dc7e..48d73b4cd 100644
--- a/lib/pleroma/web/admin_api/views/report_view.ex
+++ b/lib/pleroma/web/admin_api/views/report_view.ex
@@ -6,6 +6,7 @@ defmodule Pleroma.Web.AdminAPI.ReportView do
   use Pleroma.Web, :view
   alias Pleroma.Activity
   alias Pleroma.User
+  alias Pleroma.HTML
   alias Pleroma.Web.CommonAPI.Utils
   alias Pleroma.Web.MastodonAPI.AccountView
   alias Pleroma.Web.MastodonAPI.StatusView
@@ -32,7 +33,7 @@ defmodule Pleroma.Web.AdminAPI.ReportView do
       id: report.id,
       account: AccountView.render("account.json", %{user: account}),
       actor: AccountView.render("account.json", %{user: user}),
-      content: report.data["content"],
+      content: HTML.filter_tags(report.data["content"]),
       created_at: created_at,
       statuses: StatusView.render("index.json", %{activities: statuses, as: :activity}),
       state: report.data["state"]
author	rinpatch <rinpatch@sdf.org>	2019-06-16 01:30:32 +0300
committer	rinpatch <rinpatch@sdf.org>	2019-06-16 01:30:32 +0300
commit	641bcaa44e47a83bb7730e39b2f6b9d16251b40e (patch)
tree	ec6541a3dfd7bd35918b2bd8a8e1e66e3f781ffe
parent	e943905bd7e256555a66b54d956013aa499d08d6 (diff)
download	pleroma-641bcaa44e47a83bb7730e39b2f6b9d16251b40e.tar.gz