Strip html from emoji stuff.

[akkoma] / lib / pleroma / formatter.ex

diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex
index fdf91f56e4877cc3c2c5e8aaf02db7e279170fb9..fd8465c1cd34b259e55f9566c236c425d1d3a7d5 100644 (file)
--- a/lib/pleroma/formatter.ex
+++ b/lib/pleroma/formatter.ex
@@ -132,6 +132,8 @@ defmodule Pleroma.Formatter do
     end
 
     Enum.reduce(all_emoji, text, fn ({emoji, file}, text) ->
+      emoji = HtmlSanitizeEx.strip_tags(emoji)
+      file = HtmlSanitizeEx.strip_tags(file)
       String.replace(text, ":#{emoji}:", "<img height='32px' width='32px' alt='#{emoji}' title='#{emoji}' src='#{MediaProxy.url(file)}' />")
     end)
   end