diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex
index 83a656011..21b6226b1 100644
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@@ -58,7 +58,8 @@ def add_attachments(text, attachments) do
end
def format_input(text, mentions, tags) do
- HtmlSanitizeEx.strip_tags(text)
+ Phoenix.HTML.html_escape(text)
+ |> elem(1)
|> Formatter.linkify
|> String.replace("\n", "
\n")
|> add_user_links(mentions)
diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs
index 994cc8f90..8698686ad 100644
--- a/test/web/twitter_api/twitter_api_test.exs
+++ b/test/web/twitter_api/twitter_api_test.exs
@@ -34,7 +34,7 @@ test "create a status" do
{ :ok, activity = %Activity{} } = TwitterAPI.create_status(user, input)
- assert get_in(activity.data, ["object", "content"]) == "Hello again, @shp.
\nThis is on another line. #2hu #epic #phantasmagoric
\nimage.jpg"
+ assert get_in(activity.data, ["object", "content"]) == "Hello again, @shp.<script></script>
\nThis is on another line. #2hu #epic #phantasmagoric
\nimage.jpg"
assert get_in(activity.data, ["object", "type"]) == "Note"
assert get_in(activity.data, ["object", "actor"]) == user.ap_id
assert get_in(activity.data, ["actor"]) == user.ap_id