From 175f0bebbc8ee420082b10b00e49e490f65d4c5f Mon Sep 17 00:00:00 2001
From: ensra
Date: Tue, 21 Aug 2018 10:53:53 +0100
Subject: [PATCH] mastodon api: sanitize the bio HTML
---
 lib/pleroma/web/mastodon_api/views/account_view.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex
index cc5261616..d9edcae7f 100644
--- a/lib/pleroma/web/mastodon_api/views/account_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/account_view.ex
@@ -36,7 +36,7 @@ def render("account.json", %{user: user}) do
 followers_count: user_info.follower_count,
 following_count: user_info.following_count,
 statuses_count: user_info.note_count,
- note: user.bio || "",
+ note: HtmlSanitizeEx.basic_html(user.bio) || "",
 url: user.ap_id,
 avatar: image,
 avatar_static: image,
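Review bot: The `|| ""` default on the new `note:` line is applied after the sanitizer runs, so a nil `user.bio` is passed to `HtmlSanitizeEx.basic_html/1` and the fallback only helps if that call happens to return nil. Moving the default inside makes the nil case explicit and independent of the library's behaviour: `note: HtmlSanitizeEx.basic_html(user.bio || ""),`. The scrubbing is also done only in this `render("account.json", ...)` clause, whose body continues outside the hunk; any other view or serializer that emits `user.bio` (none is visible here) would still return it unsanitised, so it is worth confirming whether scrubbing where the bio is stored would cover them all. A one-line comment such as `# bio may contain HTML; scrub to the basic allowlist before returning it to API clients` would record why the call is there.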