MastodonAPI.StatusView: Do not use site_name
author Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Fri, 14 Feb 2020 23:35:46 +0000 (00:35 +0100)
committer Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Fri, 14 Feb 2020 23:36:09 +0000 (00:36 +0100)
commit 1257331291f27b55340a4ccca459a2673f3f37c2
tree 8d54b966b0fbffae541a2e123032c45a3322a9d6
parent 5fcee577f9713d9432115f8e3b51c3de2aef6fd0
MastodonAPI.StatusView: Do not use site_name

site_name allows spoofing the origin of the domain, and so hacks like:

<!-- served on https://hacktivis.me/tmp/joinmastodon.org.html -->
<meta property="og:image" content="https://hacktivis.me/datalove/img/meme/pleroma/mastodon%2C%20forbidden%20amuse%20yourself.jpeg" />
<meta property="og:title" content="Mastodon: Forbidden Amuse Yourself" />
<meta property="og:site_name" content="joinmastodon.org" />
<meta http-equiv="refresh" content="0; url=http://joinmastodon.org/">
lib/pleroma/web/mastodon_api/views/status_view.ex
test/web/mastodon_api/views/status_view_test.exs
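
The spoof described in the commit message, as an added example that is not Pleroma's code and not part of this commit: a link-preview card that labels its provider from og:site_name, beside one that labels it from the host of the URL the server actually fetched. The module name, function names and card shape are hypothetical, and the input is constructed from the page quoted in the commit message.

```elixir
defmodule CardExample do
  # Hypothetical helpers for illustration, not Pleroma's code.

  # Collect og:* properties from the page body. Every value here is
  # chosen by whoever controls the page.
  def og_fields(html) do
    ~r/<meta\s+property="og:([a-z_]+)"\s+content="([^"]*)"/
    |> Regex.scan(html)
    |> Map.new(fn [_match, key, value] -> {key, value} end)
  end

  # Vulnerable form: the provider label comes from og:site_name, so the
  # page decides which site the card claims to come from.
  def card_trusting_site_name(page_url, og) do
    %{
      url: page_url,
      title: og["title"],
      provider_name: og["site_name"] || URI.parse(page_url).host
    }
  end

  # Hardened form: the provider label is always the host of the URL that
  # was fetched; og:site_name is never consulted.
  def card_from_url_host(page_url, og) do
    %URI{scheme: scheme, host: host} = URI.parse(page_url)

    if scheme in ["http", "https"] and is_binary(host) and host != "" do
      {:ok, %{url: page_url, title: og["title"], provider_name: String.downcase(host)}}
    else
      {:error, :invalid_url}
    end
  end
end

# Constructed input: the URL and two of the tags quoted in the commit message.
page_url = "https://hacktivis.me/tmp/joinmastodon.org.html"

html = """
<meta property="og:title" content="Mastodon: Forbidden Amuse Yourself" />
<meta property="og:site_name" content="joinmastodon.org" />
"""

og = CardExample.og_fields(html)
IO.inspect(CardExample.card_trusting_site_name(page_url, og), label: "trusting site_name")
IO.inspect(CardExample.card_from_url_host(page_url, og), label: "from URL host")
```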