[bugfix] Fix HTML escaping in instance title (#607)

* move caption sanitization -> sanitize.go * use sanitizeplaintext rather than removehtml * rename sanitizecaption to sanitizeplaintext * avoid removing html twice from statuses * unexport remoteHTML it's no longer used outside the text package so this makes it less confusing * test instance PATCH
2025-06-05 21:59:39 +02:00 · 2022-05-26 11:37:13 +02:00
parent f848aaa81f
commit 5668ce1ec7
15 changed files with 381 additions and 151 deletions
--- a/internal/processing/account/update.go
+++ b/internal/processing/account/update.go
@@ -53,7 +53,7 @@ func (p *processor) Update(ctx context.Context, account *gtsmodel.Account, form
 		if err := validate.DisplayName(*form.DisplayName); err != nil {
 			return nil, err
 		}
-		account.DisplayName = text.RemoveHTML(*form.DisplayName)
+		account.DisplayName = text.SanitizePlaintext(*form.DisplayName)
 	}

 	if form.Note != nil {