From 37b802682ce1231f99976538a11c1584d48f47f4 Mon Sep 17 00:00:00 2001
From: eal
Date: Thu, 9 Aug 2018 13:07:03 +0300
Subject: [PATCH] HTML-sanitize usernames before emojifying.
---
 lib/pleroma/web/twitter_api/views/user_view.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/pleroma/web/twitter_api/views/user_view.ex b/lib/pleroma/web/twitter_api/views/user_view.ex
index 30aaaf1ce..7d0f0e703 100644
--- a/lib/pleroma/web/twitter_api/views/user_view.ex
+++ b/lib/pleroma/web/twitter_api/views/user_view.ex
@@ -50,7 +50,7 @@ def render("user.json", %{user: user = %User{}} = assigns) do
 "friends_count" => user_info[:following_count],
 "id" => user.id,
 "name" => user.name,
- "name_html" => Formatter.emojify(user.name, emoji),
+ "name_html" => HtmlSanitizeEx.strip_tags(user.name) |> Formatter.emojify(emoji),
 "profile_image_url" => image,
 "profile_image_url_https" => image,
 "profile_image_url_profile_size" => image,
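Review bot: On the new `"name_html"` line the display name is stripped of tags before `Formatter.emojify/2` runs, so whatever markup emojify builds from `emoji` is emitted without passing through the sanitizer. `emoji` is assigned outside this hunk; if it is derived from remote profile data, its shortcodes and image URLs would need to be escaped or validated inside `Formatter.emojify` for `name_html` to be safe to render as HTML. A regression test that renders a user whose name contains a tag (a constructed value such as `<b>x</b>`) and asserts that `name_html` carries no markup from the name would pin the fix. As a style point, the pipeline reads better when it starts from the bare value: `"name_html" => user.name |> HtmlSanitizeEx.strip_tags() |> Formatter.emojify(emoji),`. The body of `render("user.json", ...)` starts and ends outside the hunk.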