mastodon api: sanitize the bio HTML

author ensra <ensra@users.noreply.github.com>

Tue, 21 Aug 2018 09:53:53 +0000 (10:53 +0100)

committer ensra <ensra@users.noreply.github.com>

Tue, 21 Aug 2018 09:53:53 +0000 (10:53 +0100)
author ensra <ensra@users.noreply.github.com>
Tue, 21 Aug 2018 09:53:53 +0000 (10:53 +0100)
committer ensra <ensra@users.noreply.github.com>
Tue, 21 Aug 2018 09:53:53 +0000 (10:53 +0100)
diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex

index cc5261616f8e915e3f5a731fd411520882c1af38..d9edcae7ffe51277a803fa49b18331cc27549f44 100644 (file)
--- a/lib/pleroma/web/mastodon_api/views/account_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/account_view.ex
@@ -36,7 +36,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
        followers_count: user_info.follower_count,
        following_count: user_info.following_count,
        statuses_count: user_info.note_count,
-      note: user.bio || "",
+      note: HtmlSanitizeEx.basic_html(user.bio) || "",
        url: user.ap_id,
        avatar: image,
        avatar_static: image,
author	ensra <ensra@users.noreply.github.com>
	Tue, 21 Aug 2018 09:53:53 +0000 (10:53 +0100)
committer	ensra <ensra@users.noreply.github.com>
	Tue, 21 Aug 2018 09:53:53 +0000 (10:53 +0100)