Diffstat (limited to 'internal/processing/status')
-rw-r--r--internal/processing/status/create.go2
-rw-r--r--internal/processing/status/util.go6
2 files changed, 6 insertions, 2 deletions
diff --git a/internal/processing/status/create.go b/internal/processing/status/create.go
index aa7468ae5..37d7e6aab 100644
--- a/internal/processing/status/create.go
+++ b/internal/processing/status/create.go
@@ -29,7 +29,7 @@ func (p *processor) Create(account *gtsmodel.Account, application *gtsmodel.Appl
Local: true,
AccountID: account.ID,
AccountURI: account.URI,
- ContentWarning: form.SpoilerText,
+ ContentWarning: util.RemoveHTML(form.SpoilerText),
ActivityStreamsType: gtsmodel.ActivityStreamsNote,
Sensitive: form.Sensitive,
Language: form.Language,
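Review bot: `util.RemoveHTML(form.SpoilerText)` strips markup only when the status is written, so any code that later renders `ContentWarning` should still HTML-escape it. Stripping tags is not the same as encoding: how a bare `<` or `&` in a warning comes out depends on `RemoveHTML`, whose implementation is not visible in this diff. It is worth confirming whether it returns escaped or raw text and recording that at the field, for example `// plain text only: markup stripped here, must still be escaped on output`. Create's body starts and ends outside this hunk, so other free-text fields taken from `form` could not be checked here.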
diff --git a/internal/processing/status/util.go b/internal/processing/status/util.go
index 0a023eab6..eb83babb0 100644
--- a/internal/processing/status/util.go
+++ b/internal/processing/status/util.go
@@ -264,6 +264,10 @@ func (p *processor) processContent(form *apimodel.AdvancedStatusCreateForm, acco
// replace newlines with breaks
content = strings.ReplaceAll(content, "\n", "<br />")
- status.Content = content
+ // sanitize html to remove any dodgy scripts or other disallowed elements
+ clean := util.SanitizeHTML(content)
+
+ // set the content as the shiny clean parsed content
+ status.Content = clean
return nil
}
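Review bot: Sanitizing at the end of `processContent` protects only statuses that pass through this function. Rows already stored, and statuses written by any other path that does not call it, would keep unsanitized `Content`; this is inferred, as those paths are not in the diff. Because `util.SanitizeHTML` runs after the `<br />` substitution and the formatting steps above the hunk, its policy has to allow exactly the markup those steps generate. A test that passes a script element and an event-handler attribute through `processContent`, and asserts they are removed while the `<br />` and generated links survive, would pin that down. The intermediate variable can also be dropped: `status.Content = util.SanitizeHTML(content)`.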