Decode HTML entities when sanitized

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2 weeks ago · 8e6aa8c85c
3 changed files with 3 additions and 2 deletions
--- a/lib/service/formatter/html.ex
+++ b/lib/service/formatter/html.ex
@ -17,7 +17,7 @@ defmodule Mobilizon.Service.Formatter.HTML do
  def strip_tags(html) do
    case FastSanitize.strip_tags(html) do
      {:ok, html} ->
-        html
+        HtmlEntities.decode(html)

      _ ->
        raise "Failed to filter tags"
--- a/mix.exs
+++ b/mix.exs
@ -142,6 +142,7 @@ defmodule Mobilizon.Mixfile do
      {:ex_cldr_languages, "~> 0.2.1"},
      {:slugger, "~> 0.3"},
      {:sentry, "~> 8.0"},
+      {:html_entities, "~> 0.5"},
      # Dev and test dependencies
      {:phoenix_live_reload, "~> 1.2", only: [:dev, :e2e]},
      {:ex_machina, "~> 2.3", only: [:dev, :test]},
--- a/test/service/metadata/utils_test.exs
+++ b/test/service/metadata/utils_test.exs
@ -17,7 +17,7 @@ defmodule Mobilizon.Service.Metadata.UtilsTest do
               "<h1>Biography</h1><p>It all started when someone wanted a <b>very long string</b> to be cut. However it's difficult to invent things to write when you've got nothing to say. Anyway, what's the deal here. We just need to reach 200 characters.",
               "fr"
             ) ==
-               "Biography It all started when someone wanted a very long string to be cut. However it&#39;s difficult to invent things to write when you&#39;ve got nothing to say. Anyway, what&#39;s the deal here. We…"
+               "Biography It all started when someone wanted a very long string to be cut. However it's difficult to invent things to write when you've got nothing to say. Anyway, what's the deal here. We just need to…"
    end

    test "process_description/3 returns default if no description is provided" do