[bugfix] Use custom bluemonday policy to disallow inline img tags (#2100)

author: tobi <31960611+tsmethurst@users.noreply.github.com> 2023-08-11 14:40:11 +0200
committer: GitHub <noreply@github.com> 2023-08-11 14:40:11 +0200
commit: dc96562b4084e058846aea9102ef0257461717d6 (patch)
tree: a0b4bdbaa266386c7fdbbc02ca3e62bae559bf17 /internal/web/opengraph.go
parent: [feature] Set Content-Security-Policy header (#2095) (diff)
download: gotosocial-dc96562b4084e058846aea9102ef0257461717d6.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/internal/web/opengraph.go b/internal/web/opengraph.go
index 12989160c..188e2b8a1 100644
--- a/internal/web/opengraph.go
+++ b/internal/web/opengraph.go
@@ -67,7 +67,7 @@ func ogBase(instance *apimodel.InstanceV1) *ogMeta {
 	}
 
 	og := &ogMeta{
-		Title:       text.SanitizePlaintext(instance.Title) + " - GoToSocial",
+		Title:       text.SanitizeToPlaintext(instance.Title) + " - GoToSocial",
 		Type:        "website",
 		Locale:      locale,
 		URL:         instance.URI,
@@ -156,7 +156,7 @@ func parseTitle(account *apimodel.Account, accountDomain string) string {
 // parseDescription returns a string description which is
 // safe to use as a template.HTMLAttr inside templates.
 func parseDescription(in string) string {
-	i := text.SanitizePlaintext(in)
+	i := text.SanitizeToPlaintext(in)
 	i = strings.ReplaceAll(i, "\n", " ")
 	i = strings.Join(strings.Fields(i), " ")
 	i = html.EscapeString(i)
author	tobi <31960611+tsmethurst@users.noreply.github.com>	2023-08-11 14:40:11 +0200
committer	GitHub <noreply@github.com>	2023-08-11 14:40:11 +0200
commit	dc96562b4084e058846aea9102ef0257461717d6 (patch)
tree	a0b4bdbaa266386c7fdbbc02ca3e62bae559bf17 /internal/web/opengraph.go
parent	[feature] Set Content-Security-Policy header (#2095) (diff)
download	gotosocial-dc96562b4084e058846aea9102ef0257461717d6.tar.xz