Commit a6d4cc89 authored by kaniini's avatar kaniini

Merge branch 'sanitize-bio' into 'develop'

mastodon api: sanitize the bio HTML

See merge request pleroma/pleroma!282
parents 5a8bb3cb 2b5db840
......@@ -36,7 +36,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
followers_count: user_info.follower_count,
following_count: user_info.following_count,
statuses_count: user_info.note_count,
note: user.bio || "",
note: HtmlSanitizeEx.basic_html(user.bio) || "",
url: user.ap_id,
avatar: image,
avatar_static: image,
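Review bot: The `|| ""` fallback on the new `note:` line now runs after the sanitizer, so a nil `user.bio` is passed into `HtmlSanitizeEx.basic_html/1` instead of being replaced first. Whether that call tolerates nil depends on the library version, which is not visible here; moving the default inside the call, `note: HtmlSanitizeEx.basic_html(user.bio || ""),`, keeps the old nil handling either way. Sanitizing only in this view may also leave other renderers of `user.bio` (other API views, federation output) emitting the stored value unchanged, so it is worth checking whether they need the same scrub or whether it belongs where the bio is stored. The enclosing function starts and ends outside the hunk.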
......
......@@ -20,6 +20,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
info: %{"note_count" => 5, "follower_count" => 3, "source_data" => source_data},
nickname: "shp@shitposter.club",
name: ":karjalanpiirakka: shp",
bio: "<script src=\"invalid-html\"></script><span>valid html</span>",
inserted_at: ~N[2017-08-15 15:47:06.597036]
})
......@@ -33,7 +34,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
followers_count: 3,
following_count: 0,
statuses_count: 5,
note: user.bio,
note: "<span>valid html</span>",
url: user.ap_id,
avatar: "http://localhost:4001/images/avi.png",
avatar_static: "http://localhost:4001/images/avi.png",
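Review bot: The fixture covers only a `<script>` element, so the assertion on `note:` would still pass with a scrubber that strips disallowed tags but leaves unsafe attributes on allowed ones. A second case with a nil bio asserting `note: ""` would pin the fallback. Another case, where an allowed tag carries an inline event-handler attribute or a link with a non-http scheme, would pin the attribute filtering. A short comment above the `bio:` line, e.g. `# script tag must be stripped, span must survive sanitization`, would explain why the fixture contains markup. The test body starts and ends outside these hunks.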
......