Sanitize HTML in ReportView

Closes #990
This commit is contained in:
rinpatch 2019-06-16 01:30:32 +03:00
parent e943905bd7
commit 641bcaa44e

View File

@ -6,6 +6,7 @@ defmodule Pleroma.Web.AdminAPI.ReportView do
use Pleroma.Web, :view use Pleroma.Web, :view
alias Pleroma.Activity alias Pleroma.Activity
alias Pleroma.User alias Pleroma.User
alias Pleroma.HTML
alias Pleroma.Web.CommonAPI.Utils alias Pleroma.Web.CommonAPI.Utils
alias Pleroma.Web.MastodonAPI.AccountView alias Pleroma.Web.MastodonAPI.AccountView
alias Pleroma.Web.MastodonAPI.StatusView alias Pleroma.Web.MastodonAPI.StatusView
@ -32,7 +33,7 @@ defmodule Pleroma.Web.AdminAPI.ReportView do
id: report.id, id: report.id,
account: AccountView.render("account.json", %{user: account}), account: AccountView.render("account.json", %{user: account}),
actor: AccountView.render("account.json", %{user: user}), actor: AccountView.render("account.json", %{user: user}),
content: report.data["content"], content: HTML.filter_tags(report.data["content"]),
created_at: created_at, created_at: created_at,
statuses: StatusView.render("index.json", %{activities: statuses, as: :activity}), statuses: StatusView.render("index.json", %{activities: statuses, as: :activity}),
state: report.data["state"] state: report.data["state"]