diff options
| author |  Tobi Smethurst <31960611+tsmethurst@users.noreply.github.com> | 2021-07-13 16:03:51 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2021-07-13 16:03:51 +0200 |
| commit | bdba3ff9a9f98c1605c01c0e84f6bd6ed5c3efae (patch) | |
| tree | faf0be2250d23aec1af6a6d2bcf321d1d8826ba9 /internal/processing/instance.go | |
| parent | Block/unblock (#96) (diff) | |
| download | gotosocial-bdba3ff9a9f98c1605c01c0e84f6bd6ed5c3efae.tar.xz | |
sanitize html for statuses + instance (#97)
* sanitize html for statuses + instance
* sanitization
Diffstat (limited to 'internal/processing/instance.go')
| -rw-r--r-- | internal/processing/instance.go | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/internal/processing/instance.go b/internal/processing/instance.go index 0c1a54dc2..962b841a6 100644 --- a/internal/processing/instance.go +++ b/internal/processing/instance.go @@ -60,7 +60,7 @@ func (p *processor) InstancePatch(form *apimodel.InstanceSettingsUpdateRequest) if err := util.ValidateSiteTitle(*form.Title); err != nil { return nil, gtserror.NewErrorBadRequest(err, fmt.Sprintf("site title invalid: %s", err)) } - i.Title = *form.Title + i.Title = util.RemoveHTML(*form.Title) // don't allow html in site title } // validate & update site contact account if it's set on the form @@ -110,7 +110,7 @@ func (p *processor) InstancePatch(form *apimodel.InstanceSettingsUpdateRequest) if err := util.ValidateSiteShortDescription(*form.ShortDescription); err != nil { return nil, gtserror.NewErrorBadRequest(err, err.Error()) } - i.ShortDescription = *form.ShortDescription + i.ShortDescription = util.SanitizeHTML(*form.ShortDescription) // html is OK in site description, but we should sanitize it } // validate & update site description if it's set on the form @@ -118,7 +118,7 @@ func (p *processor) InstancePatch(form *apimodel.InstanceSettingsUpdateRequest) if err := util.ValidateSiteDescription(*form.Description); err != nil { return nil, gtserror.NewErrorBadRequest(err, err.Error()) } - i.Description = *form.Description + i.Description = util.SanitizeHTML(*form.Description) // html is OK in site description, but we should sanitize it } // validate & update site terms if it's set on the form @@ -126,7 +126,7 @@ func (p *processor) InstancePatch(form *apimodel.InstanceSettingsUpdateRequest) if err := util.ValidateSiteTerms(*form.Terms); err != nil { return nil, gtserror.NewErrorBadRequest(err, err.Error()) } - i.Terms = *form.Terms + i.Terms = util.SanitizeHTML(*form.Terms) // html is OK in site terms, but we should sanitize it } // process avatar if provided |