diff options
| author | lain <lain@soykaf.club> | 2018-03-23 19:52:08 +0100 |
|---|---|---|
| committer | lain <lain@soykaf.club> | 2018-03-23 19:52:08 +0100 |
| commit | fbe9aa3506807b5c0f30ea8e877193a0b5ae91a6 (patch) | |
| tree | c6b5617e1de6b51c05727147096ca15326c4bd30 /lib | |
| parent | 5da2355e715722f2f80a7587264a08d4281cb519 (diff) | |
| download | pleroma-fbe9aa3506807b5c0f30ea8e877193a0b5ae91a6.tar.gz | |
Strip html from emoji stuff.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/formatter.ex | 2 | ||||
| -rw-r--r-- | lib/pleroma/web/mastodon_api/views/status_view.ex | 6 |
2 files changed, 7 insertions, 1 deletions
diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index fdf91f56e..fd8465c1c 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -132,6 +132,8 @@ defmodule Pleroma.Formatter do end Enum.reduce(all_emoji, text, fn ({emoji, file}, text) -> + emoji = HtmlSanitizeEx.strip_tags(emoji) + file = HtmlSanitizeEx.strip_tags(file) String.replace(text, ":#{emoji}:", "<img height='32px' width='32px' alt='#{emoji}' title='#{emoji}' src='#{MediaProxy.url(file)}' />") end) end diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 55675ae1c..170b6ac6c 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -77,7 +77,11 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do reply_to_user = reply_to && User.get_cached_by_ap_id(reply_to.data["actor"]) emojis = (activity.data["object"]["emoji"] || []) - |> Enum.map(fn {name, url} -> %{ shortcode: name, url: url, static_url: url } end) + |> Enum.map(fn {name, url} -> + name = HtmlSanitizeEx.strip_tags(name) + url = HtmlSanitizeEx.strip_tags(url) + %{ shortcode: name, url: url, static_url: url } + end) %{ id: to_string(activity.id), |