Strip unsafe html on output in TwAPI.
This commit is contained in:
parent
a9bfbcae80
commit
8feec8d390
|
@ -105,7 +105,7 @@ def to_map(%Activity{data: %{"object" => %{"content" => content} = object}} = ac
|
|||
"id" => activity.id,
|
||||
"user" => UserRepresenter.to_map(user, opts),
|
||||
"attentions" => [],
|
||||
"statusnet_html" => content,
|
||||
"statusnet_html" => HtmlSanitizeEx.basic_html(content),
|
||||
"text" => HtmlSanitizeEx.strip_tags(content),
|
||||
"is_local" => true,
|
||||
"is_post_verb" => true,
|
||||
|
|
|
@ -67,7 +67,7 @@ test "an activity" do
|
|||
}
|
||||
}
|
||||
|
||||
content_html = "Some #content #mentioning <a href='#{mentioned_user.ap_id}'>@shp</shp>"
|
||||
content_html = "<script>alert('YAY')</script>Some #content #mentioning <a href='#{mentioned_user.ap_id}'>@shp</a>"
|
||||
content = HtmlSanitizeEx.strip_tags(content_html)
|
||||
date = DateTime.from_naive!(~N[2016-05-24 13:26:08.003], "Etc/UTC") |> DateTime.to_iso8601
|
||||
|
||||
|
@ -108,7 +108,7 @@ test "an activity" do
|
|||
"user" => UserRepresenter.to_map(user, %{for: follower}),
|
||||
"is_local" => true,
|
||||
"attentions" => [],
|
||||
"statusnet_html" => content_html <> "<br>\n#nsfw",
|
||||
"statusnet_html" => HtmlSanitizeEx.basic_html(content_html) <> "<br />\n#nsfw",
|
||||
"text" => content <> "\n#nsfw",
|
||||
"is_post_verb" => true,
|
||||
"created_at" => "Tue May 24 13:26:08 +0000 2016",
|
||||
|
|
Loading…
Reference in New Issue