From 5668ce1ec701ed12eb099020e8a322de08e6f810 Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Thu, 26 May 2022 11:37:13 +0200
Subject: [bugfix] Fix HTML escaping in instance title (#607)

* move caption sanitization -> sanitize.go

* use sanitizeplaintext rather than removehtml

* rename sanitizecaption to sanitizeplaintext

* avoid removing html twice from statuses

* unexport remoteHTML
it's no longer used outside the text package so this
makes it less confusing

* test instance PATCH
---
 internal/processing/instance.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'internal/processing/instance.go')

diff --git a/internal/processing/instance.go b/internal/processing/instance.go
index 11f966adb..f4fe2ca79 100644
--- a/internal/processing/instance.go
+++ b/internal/processing/instance.go
@@ -65,7 +65,7 @@ func (p *processor) InstancePatch(ctx context.Context, form *apimodel.InstanceSe
 		if err := validate.SiteTitle(*form.Title); err != nil {
 			return nil, gtserror.NewErrorBadRequest(err, fmt.Sprintf("site title invalid: %s", err))
 		}
-		i.Title = text.RemoveHTML(*form.Title) // don't allow html in site title
+		i.Title = text.SanitizePlaintext(*form.Title) // don't allow html in site title
 	}
 
 	// validate & update site contact account if it's set on the form
-- 
cgit v1.2.3