pleroma/test/web/mastodon_api/views
Haelwenn (lanodan) Monnier 1257331291
MastodonAPI.StatusView: Do not use site_name
site_name allow to spoof the origin of the domain and so hacks like:

<!-- served on https://hacktivis.me/tmp/joinmastodon.org.html -->
<meta property="og:image" content="https://hacktivis.me/datalove/img/meme/pleroma/mastodon%2C%20forbidden%20amuse%20yourself.jpeg" />
<meta property="og:title" content="Mastodon: Forbidden Amuse Yourself" />
<meta property="og:site_name" content="joinmastodon.org" />
<meta http-equiv="refresh" content="0; url=http://joinmastodon.org/">
2020-02-15 00:36:09 +01:00
..
account_view_test.exs mastodon API: do not sanitize html in non-html fields 2020-02-02 14:46:32 +03:00
conversation_view_test.exs Mastodon API, streaming: Add pleroma.direct_conversation_id to the conversation stream event payload. 2019-11-04 18:36:16 +03:00
list_view_test.exs
marker_view_test.exs add Markers /api/v1/markers 2019-10-17 15:26:59 +03:00
notification_view_test.exs EmojiReactions: Rename to EmojiReacts 2020-02-06 18:09:57 +01:00
poll_view_test.exs Extract poll actions from MastodonAPIController to PollController 2019-10-01 11:44:34 +07:00
push_subscription_view_test.exs
scheduled_activity_view_test.exs
status_view_test.exs MastodonAPI.StatusView: Do not use site_name 2020-02-15 00:36:09 +01:00