Sanitize HTML in ReportView
authorrinpatch <rinpatch@sdf.org>
Sat, 15 Jun 2019 22:30:32 +0000 (01:30 +0300)
committerrinpatch <rinpatch@sdf.org>
Sat, 15 Jun 2019 22:30:32 +0000 (01:30 +0300)
Closes #990

lib/pleroma/web/admin_api/views/report_view.ex

index 47a73dc7e53a0af9c73f7bfa84386e0391015a75..48d73b4cdad64c67b15856ae7a4c448c76ca75e2 100644 (file)
@@ -6,6 +6,7 @@ defmodule Pleroma.Web.AdminAPI.ReportView do
   use Pleroma.Web, :view
   alias Pleroma.Activity
   alias Pleroma.User
+  alias Pleroma.HTML
   alias Pleroma.Web.CommonAPI.Utils
   alias Pleroma.Web.MastodonAPI.AccountView
   alias Pleroma.Web.MastodonAPI.StatusView
@@ -32,7 +33,7 @@ defmodule Pleroma.Web.AdminAPI.ReportView do
       id: report.id,
       account: AccountView.render("account.json", %{user: account}),
       actor: AccountView.render("account.json", %{user: user}),
-      content: report.data["content"],
+      content: HTML.filter_tags(report.data["content"]),
       created_at: created_at,
       statuses: StatusView.render("index.json", %{activities: statuses, as: :activity}),
       state: report.data["state"]
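Review bot: `report.data["content"]` is passed to `HTML.filter_tags/1` unconditionally in the `content:` field, and the hunk does not show what happens when a report carries no comment and the key is nil. If `filter_tags` does not accept nil, rendering such a report would either raise or turn a missing comment into an empty string; a guard such as `content: report.data["content"] && HTML.filter_tags(report.data["content"]),` keeps nil as nil. Which sanitizer policy `filter_tags/1` applies by default is not visible here, so it is worth confirming that it strips script-bearing markup before the admin frontend renders it, and adding a view test with a report whose content contains HTML. The enclosing render function begins and ends outside the hunk.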