static_fe: Sanitize HTML in posts

Note: Seems to have different sanitization with TwitterCard generator giving the following: <meta content=\"“alert('xss')”\" property=\"twitter:description\">
2020-03-15 15:45:57 +01:00 · 2020-03-15 15:45:57 +01:00 · 0ac6e29654
commit 0ac6e29654
parent fa4ec17c84
2 changed files with 21 additions and 1 deletions
--- a/lib/pleroma/web/static_fe/static_fe_controller.ex
+++ b/lib/pleroma/web/static_fe/static_fe_controller.ex
@ -58,10 +58,17 @@ defmodule Pleroma.Web.StaticFE.StaticFEController do
        _ -> data["url"] || data["external_url"] || data["id"]
      end

+    content =
+      if data["content"] do
+        Pleroma.HTML.filter_tags(data["content"])
+      else
+        nil
+      end
+
    %{
      user: user,
      title: get_title(activity.object),
-      content: data["content"] || nil,
+      content: content,
      attachment: data["attachment"],
      link: link,
      published: data["published"],