Merge branch 'security/ap-unsigned-create' into 'develop'

[akkoma] / lib / pleroma / formatter.ex

diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex
index cf2944c38fffa668ba6526dfd415af9ea10458ef..62f54a3f255e2e74d5e7c6dc7dfa7ff1f83d4e46 100644 (file)
--- a/lib/pleroma/formatter.ex
+++ b/lib/pleroma/formatter.ex
@@ -1,6 +1,7 @@
 defmodule Pleroma.Formatter do
   alias Pleroma.User
   alias Pleroma.Web.MediaProxy
+  alias Pleroma.HTML
 
   @tag_regex ~r/\#\w+/u
   def parse_tags(text, data \\ %{}) do
@@ -144,8 +145,8 @@ defmodule Pleroma.Formatter do
 
   def emojify(text, emoji) do
     Enum.reduce(emoji, text, fn {emoji, file}, text ->
-      emoji = HtmlSanitizeEx.strip_tags(emoji)
-      file = HtmlSanitizeEx.strip_tags(file)
+      emoji = HTML.strip_tags(emoji)
+      file = HTML.strip_tags(file)
 
       String.replace(
         text,
@@ -154,13 +155,16 @@ defmodule Pleroma.Formatter do
           MediaProxy.url(file)
         }' />"
       )
+      |> HTML.filter_tags()
     end)
   end
 
-  def get_emoji(text) do
+  def get_emoji(text) when is_binary(text) do
     Enum.filter(@emoji, fn {emoji, _} -> String.contains?(text, ":#{emoji}:") end)
   end
 
+  def get_emoji(_), do: []
+
   def get_custom_emoji() do
     @emoji
   end