Merge branch 'preload-escaping' into 'develop'

B Preload: Make sure that the preloaded json is html safe

See merge request pleroma/pleroma!3901
This commit is contained in:
lain 2023-06-06 13:31:08 +00:00
commit 43458cb7a1
2 changed files with 3 additions and 2 deletions

View file

@ -0,0 +1 @@
Preload: Make generated JSON html-safe. It already was html safe because it only consists of config data that is base64 encoded, but this will keep it safe it that ever changes.

View file

@ -11,7 +11,7 @@ defmodule Pleroma.Web.Preload do
terms = terms =
params params
|> parser.generate_terms() |> parser.generate_terms()
|> Enum.map(fn {k, v} -> {k, Base.encode64(Jason.encode!(v))} end) |> Enum.map(fn {k, v} -> {k, Base.encode64(Jason.encode!(v, escape: :html_safe))} end)
|> Enum.into(%{}) |> Enum.into(%{})
Map.merge(acc, terms) Map.merge(acc, terms)
@ -19,7 +19,7 @@ defmodule Pleroma.Web.Preload do
rendered_html = rendered_html =
preload_data preload_data
|> Jason.encode!() |> Jason.encode!(escape: :html_safe)
|> build_script_tag() |> build_script_tag()
|> HTML.safe_to_string() |> HTML.safe_to_string()