From 641bcaa44e47a83bb7730e39b2f6b9d16251b40e Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sun, 16 Jun 2019 01:30:32 +0300 Subject: [PATCH] Sanitize HTML in ReportView Closes #990 --- lib/pleroma/web/admin_api/views/report_view.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/admin_api/views/report_view.ex b/lib/pleroma/web/admin_api/views/report_view.ex index 47a73dc7e..48d73b4cd 100644 --- a/lib/pleroma/web/admin_api/views/report_view.ex +++ b/lib/pleroma/web/admin_api/views/report_view.ex @@ -6,6 +6,7 @@ defmodule Pleroma.Web.AdminAPI.ReportView do use Pleroma.Web, :view alias Pleroma.Activity alias Pleroma.User + alias Pleroma.HTML alias Pleroma.Web.CommonAPI.Utils alias Pleroma.Web.MastodonAPI.AccountView alias Pleroma.Web.MastodonAPI.StatusView @@ -32,7 +33,7 @@ defmodule Pleroma.Web.AdminAPI.ReportView do id: report.id, account: AccountView.render("account.json", %{user: account}), actor: AccountView.render("account.json", %{user: user}), - content: report.data["content"], + content: HTML.filter_tags(report.data["content"]), created_at: created_at, statuses: StatusView.render("index.json", %{activities: statuses, as: :activity}), state: report.data["state"]