SuperSeriousBusiness/GoToSocial
1
1
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial synced 2025-06-05 21:59:39 +02:00
Code Issues Projects Releases Wiki Activity

[bugfix] Use custom bluemonday policy to disallow inline img tags (#2100)

Browse Source
This commit is contained in:
tobi
2023-08-11 14:40:11 +02:00
committed by GitHub
parent 3aedd937c3
commit dc96562b40
17 changed files with 243 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/web/opengraph.go
View File

@ -67,7 +67,7 @@ func ogBase(instance *apimodel.InstanceV1) *ogMeta {
}
og := &ogMeta{
Title: text.SanitizePlaintext(instance.Title) + " - GoToSocial",
Title: text.SanitizeToPlaintext(instance.Title) + " - GoToSocial",
Type: "website",
Locale: locale,
URL: instance.URI,
@ -156,7 +156,7 @@ func parseTitle(account *apimodel.Account, accountDomain string) string {
// parseDescription returns a string description which is
// safe to use as a template.HTMLAttr inside templates.
func parseDescription(in string) string {
i := text.SanitizePlaintext(in)
i := text.SanitizeToPlaintext(in)
i = strings.ReplaceAll(i, "\n", " ")
i = strings.Join(strings.Fields(i), " ")
i = html.EscapeString(i)