Escape HTML fields

2023-04-30 16:07:07 -05:00 · 2023-04-30 16:07:07 -05:00 · 7bb8821b1b
parent d7805ae65b
commit 7bb8821b1b
2 changed files with 5 additions and 3 deletions
--- a/src/deps.ts
+++ b/src/deps.ts
@ -22,3 +22,5 @@ export {
 } from 'npm:nostr-tools@^1.10.1';
 export { findReplyTag } from 'https://gitlab.com/soapbox-pub/mostr/-/raw/c67064aee5ade5e01597c6d23e22e53c628ef0e2/src/nostr/tags.ts';
 export { parseFormData } from 'npm:formdata-helper@^0.3.0';
 // @deno-types="npm:@types/lodash@4.14.194"
 export { default as lodash } from 'https://esm.sh/lodash@4.17.21';
--- a/src/transmute.ts
+++ b/src/transmute.ts
@ -1,4 +1,4 @@
-import { findReplyTag, nip19 } from '@/deps.ts';
+import { findReplyTag, lodash, nip19 } from '@/deps.ts';
 import { type Event } from '@/event.ts';
 import { type MetaContent, parseContent } from '@/schema.ts';
@ -38,7 +38,7 @@ function toAccount(event: Event<0>) {
    header: banner,
    header_static: banner,
    locked: false,
-    note: about,
+    note: lodash.escape(about),
    fqn: parsed05?.handle || npub,
    url: `${origin}/users/${pubkey}`,
    username: parsed05?.nickname || npub,
@ -86,7 +86,7 @@ async function toStatus(event: Event<1>) {
  return {
    id: event.id,
    account,
-    content: event.content,
+    content: lodash.escape(event.content),
    created_at: new Date(event.created_at * 1000).toISOString(),
    in_reply_to_id: replyTag ? replyTag[1] : null,
    in_reply_to_account_id: null,