Merge branch 'fix/mastoapi-sanitize-display-name' into 'develop'

Mastodon API: Sanitize display names Closes #1000 See merge request pleroma/pleroma!1299
author: lain <lain@soykaf.club> 2019-06-18 20:47:07 +0000
committer: lain <lain@soykaf.club> 2019-06-18 20:47:07 +0000
commit: a392ad52ada6d7482369409ed2cd1eff6c87ef6f (patch)
tree: 81a589aabfec0b4b1e010d1550fc32360390d537 /lib
parent: 3d76420512111006f678f820d1a20f866b07bdb9 (diff)
parent: c7acca2abb665e09ead548881746d42f2f4ce6e6 (diff)
download: pleroma-a392ad52ada6d7482369409ed2cd1eff6c87ef6f.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex
index 72ae9bcda..62c516f8e 100644
--- a/lib/pleroma/web/mastodon_api/views/account_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/account_view.ex
@@ -66,6 +66,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
   end
 
   defp do_render("account.json", %{user: user} = opts) do
+    display_name = HTML.strip_tags(user.name || user.nickname)
+
     image = User.avatar_url(user) |> MediaProxy.url()
     header = User.banner_url(user) |> MediaProxy.url()
     user_info = User.get_cached_user_info(user)
@@ -96,7 +98,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
       id: to_string(user.id),
       username: username_from_nickname(user.nickname),
       acct: user.nickname,
-      display_name: user.name || user.nickname,
+      display_name: display_name,
       locked: user_info.locked,
       created_at: Utils.to_masto_date(user.inserted_at),
       followers_count: user_info.follower_count,
author	lain <lain@soykaf.club>	2019-06-18 20:47:07 +0000
committer	lain <lain@soykaf.club>	2019-06-18 20:47:07 +0000
commit	a392ad52ada6d7482369409ed2cd1eff6c87ef6f (patch)
tree	81a589aabfec0b4b1e010d1550fc32360390d537 /lib
parent	3d76420512111006f678f820d1a20f866b07bdb9 (diff)
parent	c7acca2abb665e09ead548881746d42f2f4ce6e6 (diff)
download	pleroma-a392ad52ada6d7482369409ed2cd1eff6c87ef6f.tar.gz