From bdba3ff9a9f98c1605c01c0e84f6bd6ed5c3efae Mon Sep 17 00:00:00 2001
From: Tobi Smethurst <31960611+tsmethurst@users.noreply.github.com>
Date: Tue, 13 Jul 2021 16:03:51 +0200
Subject: sanitize html for statuses + instance (#97)

* sanitize html for statuses + instance
* sanitization
---
 internal/processing/media/create.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'internal/processing/media/create.go')

diff --git a/internal/processing/media/create.go b/internal/processing/media/create.go
index f9e383504..baf9f2918 100644
--- a/internal/processing/media/create.go
+++ b/internal/processing/media/create.go
@@ -26,6 +26,7 @@ import (
 
 apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+ "github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
 func (p *processor) Create(account *gtsmodel.Account, form *apimodel.AttachmentRequest) (*apimodel.Attachment, error) {
@@ -53,7 +54,7 @@ func (p *processor) Create(account *gtsmodel.Account, form *apimodel.AttachmentR
 // TODO: handle this inside mediaHandler.ProcessAttachment (just pass more params to it)
 
 // first description
- attachment.Description = form.Description
+ attachment.Description = util.RemoveHTML(form.Description) // remove any HTML from the image description
 
 // now parse the focus parameter
 focusx, focusy, err := parseFocus(form.Focus)
-- cgit v1.2.3
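Review bot: The `util.RemoveHTML` call in the second hunk sanitizes the description at this one call site in `Create`, so it only covers descriptions that arrive through this processor path. The view is limited to create.go, so it cannot be confirmed from here whether any other code path that writes an attachment description gets the same treatment. The TODO just above already plans to move this assignment into `mediaHandler.ProcessAttachment`; carrying the sanitization along with it would give every caller the same guarantee instead of relying on each call site to remember it. I would also have the trailing comment record the contract rather than restate the call, e.g. `// descriptions are stored as plain text: strip all markup before persisting`, and confirm what `RemoveHTML` returns for input such as `a < b` or `&` (its implementation is not shown), since consumers that place the value in an attribute like alt text need to know whether it is raw or already entity-escaped. The body of `Create` starts and continues outside this hunk.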