Escape HTML instead of discarding it.
This commit is contained in:
parent
4647bcd6e6
commit
66e78c3ec4
|
@ -58,7 +58,8 @@ def add_attachments(text, attachments) do
|
||||||
end
|
end
|
||||||
|
|
||||||
def format_input(text, mentions, tags) do
|
def format_input(text, mentions, tags) do
|
||||||
HtmlSanitizeEx.strip_tags(text)
|
Phoenix.HTML.html_escape(text)
|
||||||
|
|> elem(1)
|
||||||
|> Formatter.linkify
|
|> Formatter.linkify
|
||||||
|> String.replace("\n", "<br>\n")
|
|> String.replace("\n", "<br>\n")
|
||||||
|> add_user_links(mentions)
|
|> add_user_links(mentions)
|
||||||
|
|
|
@ -34,7 +34,7 @@ test "create a status" do
|
||||||
|
|
||||||
{ :ok, activity = %Activity{} } = TwitterAPI.create_status(user, input)
|
{ :ok, activity = %Activity{} } = TwitterAPI.create_status(user, input)
|
||||||
|
|
||||||
assert get_in(activity.data, ["object", "content"]) == "Hello again, <a href='shp'>@shp</a>.<br>\nThis is on another line. #2hu #epic #phantasmagoric<br>\n<a href=\"http://example.org/image.jpg\" class='attachment'>image.jpg</a>"
|
assert get_in(activity.data, ["object", "content"]) == "Hello again, <a href='shp'>@shp</a>.<script></script><br>\nThis is on another line. #2hu #epic #phantasmagoric<br>\n<a href=\"http://example.org/image.jpg\" class='attachment'>image.jpg</a>"
|
||||||
assert get_in(activity.data, ["object", "type"]) == "Note"
|
assert get_in(activity.data, ["object", "type"]) == "Note"
|
||||||
assert get_in(activity.data, ["object", "actor"]) == user.ap_id
|
assert get_in(activity.data, ["object", "actor"]) == user.ap_id
|
||||||
assert get_in(activity.data, ["actor"]) == user.ap_id
|
assert get_in(activity.data, ["actor"]) == user.ap_id
|
||||||
|
|
Loading…
Reference in New Issue