akkoma/lib/pleroma/web/mastodon_api/views
Haelwenn (lanodan) Monnier 1257331291
MastodonAPI.StatusView: Do not use site_name
site_name allow to spoof the origin of the domain and so hacks like:

<!-- served on https://hacktivis.me/tmp/joinmastodon.org.html -->
<meta property="og:image" content="https://hacktivis.me/datalove/img/meme/pleroma/mastodon%2C%20forbidden%20amuse%20yourself.jpeg" />
<meta property="og:title" content="Mastodon: Forbidden Amuse Yourself" />
<meta property="og:site_name" content="joinmastodon.org" />
<meta http-equiv="refresh" content="0; url=http://joinmastodon.org/">
2020-02-15 00:36:09 +01:00
..
account_view.ex mastodon API: do not sanitize html in non-html fields 2020-02-02 14:46:32 +03:00
app_view.ex can be changed in runtime 2020-01-25 10:39:10 +03:00
conversation_view.ex format the code 2019-11-14 17:26:59 +03:00
custom_emoji_view.ex Add CustomEmojiController 2019-10-02 19:16:34 +07:00
filter_view.ex Make credo happy 2019-02-09 14:59:20 +01:00
instance_view.ex Extract instance actions from MastodonAPIController to InstanceController 2019-10-02 14:13:52 +07:00
list_view.ex Extract MastodonAPIController's list actions into MastodonAPI.ListController; Add more tests 2019-08-26 19:37:54 +07:00
marker_view.ex add Markers /api/v1/markers 2019-10-17 15:26:59 +03:00
notification_view.ex Notifications: Add emoji reaction notifications 2020-01-22 20:06:12 +01:00
poll_view.ex mastodon API: do not sanitize html in non-html fields 2020-02-02 14:46:32 +03:00
push_subscription_view.ex [#647] tests for web push 2019-03-06 13:20:12 +00:00
report_view.ex Extract report actions from MastodonAPIController to ReportController 2019-09-30 17:44:10 +07:00
scheduled_activity_view.ex Cleanup ScheduledActivityView 2019-09-27 13:36:28 +07:00
status_view.ex MastodonAPI.StatusView: Do not use site_name 2020-02-15 00:36:09 +01:00