Switch from HtmlSanitizeEx to FastSanitize

test/web/activity_pub/mrf/normalize_markup_test.exs

@@ -20,11 +20,11 @@ defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkupTest do
     expected = """
     <b>this is in bold</b>
     <p>this is a paragraph</p>
-    this is a linebreak<br />
-    this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a>
-    this is a link with not allowed "rel" attribute: <a href="http://example.com/">example.com</a>
-    this is an image: <img src="http://example.com/image.jpg" /><br />
-    alert('hacked')
+    this is a linebreak<br/>
+    this is a link with allowed &quot;rel&quot; attribute: <a href="http://example.com/" rel="tag">example.com</a>
+    this is a link with not allowed &quot;rel&quot; attribute: <a href="http://example.com/">example.com</a>
+    this is an image: <img src="http://example.com/image.jpg"/><br/>
+    alert(&#39;hacked&#39;)
     """
 
     message = %{"type" => "Create", "object" => %{"content" => @html_sample}}

test/web/common_api/common_api_test.exs

@@ -140,7 +140,7 @@ defmodule Pleroma.Web.CommonAPITest do
 
       object = Object.normalize(activity)
 
-      assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')"
+      assert object.data["content"] == "<p><b>2hu</b></p>alert(&#39;xss&#39;)"
     end
 
     test "it filters out obviously bad tags when accepting a post as Markdown" do
@@ -156,7 +156,7 @@ defmodule Pleroma.Web.CommonAPITest do
 
       object = Object.normalize(activity)
 
-      assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')"
+      assert object.data["content"] == "<p><b>2hu</b></p>alert(&#39;xss&#39;)"
     end
 
     test "it does not allow replies to direct messages that are not direct messages themselves" do