Merge branch 'security/emoji-xss' into 'develop'

formatter: don't add XSS emoji See merge request pleroma/pleroma!322
author: kaniini <nenolod@gmail.com> 2018-09-02 00:08:56 +0000
committer: kaniini <nenolod@gmail.com> 2018-09-02 00:08:56 +0000
commit: 3370fab1d0af1eb65c6d7f8422129b33ca4c654b (patch)
tree: 041c906375fdf1edfc956b9ab3a0a6070575d906 /lib
parent: 3c7280934e3bdca8d5a870dc932406ccd9915d64 (diff)
parent: 834515fb511ecb8021b81f355cb2d629887edeef (diff)
download: pleroma-3370fab1d0af1eb65c6d7f8422129b33ca4c654b.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex
index cf2944c38..9be54e863 100644
--- a/lib/pleroma/formatter.ex
+++ b/lib/pleroma/formatter.ex
@@ -154,6 +154,7 @@ defmodule Pleroma.Formatter do
           MediaProxy.url(file)
         }' />"
       )
+      |> HtmlSanitizeEx.basic_html()
     end)
   end
author	kaniini <nenolod@gmail.com>	2018-09-02 00:08:56 +0000
committer	kaniini <nenolod@gmail.com>	2018-09-02 00:08:56 +0000
commit	3370fab1d0af1eb65c6d7f8422129b33ca4c654b (patch)
tree	041c906375fdf1edfc956b9ab3a0a6070575d906 /lib
parent	3c7280934e3bdca8d5a870dc932406ccd9915d64 (diff)
parent	834515fb511ecb8021b81f355cb2d629887edeef (diff)
download	pleroma-3370fab1d0af1eb65c6d7f8422129b33ca4c654b.tar.gz