Remove html from user bios on display.

author Roger Braun <roger@rogerbraun.net>

Sun, 18 Jun 2017 11:17:35 +0000 (13:17 +0200)

committer Roger Braun <roger@rogerbraun.net>

Sun, 18 Jun 2017 11:17:35 +0000 (13:17 +0200)
author Roger Braun <roger@rogerbraun.net>
Sun, 18 Jun 2017 11:17:35 +0000 (13:17 +0200)
committer Roger Braun <roger@rogerbraun.net>
Sun, 18 Jun 2017 11:17:35 +0000 (13:17 +0200)
diff --git a/lib/pleroma/web/twitter_api/representers/user_representer.ex b/lib/pleroma/web/twitter_api/representers/user_representer.ex

index 8a7bb6f0d3199fab6ad6f81b92a1cc0d61c0b4bd..a6595f349029d6c78eb1562acd878506c065cc44 100644 (file)
--- a/lib/pleroma/web/twitter_api/representers/user_representer.ex
+++ b/lib/pleroma/web/twitter_api/representers/user_representer.ex
@@ -18,7 +18,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.UserRepresenter do
        "id" => user.id,
        "name" => user.name,
        "screen_name" => user.nickname,
-      "description" => user.bio,
+      "description" => HtmlSanitizeEx.strip_tags(user.bio),
        "following" => following,
        "created_at" => created_at,
        # Fake fields
diff --git a/test/web/twitter_api/representers/user_representer_test.exs b/test/web/twitter_api/representers/user_representer_test.exs

index d63f738a92e8f117f68c994787b15eb8ce6a77b4..f62ce1da3fba46039b47d63fd0aa8891f88fe232 100644 (file)
--- a/test/web/twitter_api/representers/user_representer_test.exs
+++ b/test/web/twitter_api/representers/user_representer_test.exs
@@ -8,7 +8,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.UserRepresenterTest do
    import Pleroma.Factory
  
    setup do
-    user = insert(:user)
+    user = insert(:user, bio: "<span>Here's some html</span>")
      [user: user]
    end
  
@@ -39,7 +39,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.UserRepresenterTest do
        "id" => user.id,
        "name" => user.name,
        "screen_name" => user.nickname,
-      "description" => user.bio,
+      "description" => HtmlSanitizeEx.strip_tags(user.bio),
        "created_at" => created_at,
        # Fake fields
        "favourites_count" => 0,
@@ -66,7 +66,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.UserRepresenterTest do
        "id" => user.id,
        "name" => user.name,
        "screen_name" => user.nickname,
-      "description" => user.bio,
+      "description" => HtmlSanitizeEx.strip_tags(user.bio),
        "created_at" => created_at,
        # Fake fields
        "favourites_count" => 0,
author	Roger Braun <roger@rogerbraun.net>
	Sun, 18 Jun 2017 11:17:35 +0000 (13:17 +0200)
committer	Roger Braun <roger@rogerbraun.net>
	Sun, 18 Jun 2017 11:17:35 +0000 (13:17 +0200)
lib/pleroma/web/twitter_api/representers/user_representer.ex		patch \| blob \| history
test/web/twitter_api/representers/user_representer_test.exs		patch \| blob \| history