From bdba3ff9a9f98c1605c01c0e84f6bd6ed5c3efae Mon Sep 17 00:00:00 2001
From: Tobi Smethurst <31960611+tsmethurst@users.noreply.github.com>
Date: Tue, 13 Jul 2021 16:03:51 +0200
Subject: sanitize html for statuses + instance (#97)

* sanitize html for statuses + instance

* sanitization
---
 internal/processing/status/util.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'internal/processing/status/util.go')

diff --git a/internal/processing/status/util.go b/internal/processing/status/util.go
index 0a023eab6..eb83babb0 100644
--- a/internal/processing/status/util.go
+++ b/internal/processing/status/util.go
@@ -264,6 +264,10 @@ func (p *processor) processContent(form *apimodel.AdvancedStatusCreateForm, acco
 	// replace newlines with breaks
 	content = strings.ReplaceAll(content, "\n", "<br />")
 
-	status.Content = content
+	// sanitize html to remove any dodgy scripts or other disallowed elements
+	clean := util.SanitizeHTML(content)
+
+	// set the content as the shiny clean parsed content
+	status.Content = clean
 	return nil
 }
-- 
cgit v1.2.3