static_fe: Sanitize HTML in users

2020-03-15 17:00:54 +01:00 · 2020-03-15 17:00:54 +01:00 · 8176ca9e40
commit 8176ca9e40
parent acb016397e
5 changed files with 33 additions and 25 deletions
--- a/lib/pleroma/web/static_fe/static_fe_controller.ex
+++ b/lib/pleroma/web/static_fe/static_fe_controller.ex
@ -66,7 +66,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEController do
      end

    %{
-      user: user,
+      user: User.sanitize_html(user),
      title: get_title(activity.object),
      content: content,
      attachment: data["attachment"],
@ -120,7 +120,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEController do
        next_page_id = List.last(timeline) && List.last(timeline).id

        render(conn, "profile.html", %{
-          user: user,
+          user: User.sanitize_html(user),
          timeline: timeline,
          prev_page_id: prev_page_id,
          next_page_id: next_page_id,