
Decode HTML entities when sanitized

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
chapril^2
Thomas Citharel 2 weeks ago
parent
commit
8e6aa8c85c
No known key found for this signature in database GPG Key ID: A061B9DDE0CA0773
  1. 2
      lib/service/formatter/html.ex
  2. 1
      mix.exs
  3. 2
      test/service/metadata/utils_test.exs

2
lib/service/formatter/html.ex

@ -17,7 +17,7 @@ defmodule Mobilizon.Service.Formatter.HTML do
def strip_tags(html) do
case FastSanitize.strip_tags(html) do
{:ok, html} ->
html
HtmlEntities.decode(html)
_ ->
raise "Failed to filter tags"
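Review bot: With `HtmlEntities.decode(html)` as the result of the `{:ok, html}` branch, `strip_tags/1` no longer returns HTML-safe text: markup that arrives entity-encoded (e.g. `&lt;b&gt;`) would presumably leave the sanitizer still escaped, as the `&#39;` in the test expectation suggests, and is then decoded back into literal `<`/`>` characters. Every caller that places the result into HTML must therefore escape it on output, and any caller that renders it raw should be checked before merge; those callers, and the rest of the function body, are outside this hunk. I would state the contract on the function, e.g. `@doc "Strips tags and decodes entities. Returns plain text, not HTML: escape before embedding in markup."`, and add a case to test/service/metadata/utils_test.exs whose description contains entity-encoded tags.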

1
mix.exs

@ -142,6 +142,7 @@ defmodule Mobilizon.Mixfile do
{:ex_cldr_languages, "~> 0.2.1"},
{:slugger, "~> 0.3"},
{:sentry, "~> 8.0"},
{:html_entities, "~> 0.5"},
# Dev and test dependencies
{:phoenix_live_reload, "~> 1.2", only: [:dev, :e2e]},
{:ex_machina, "~> 2.3", only: [:dev, :test]},
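Review bot: `{:html_entities, "~> 0.5"}` becomes a direct runtime dependency here, but mix.lock is not among the three files this commit touches. Presumably the package was already locked as a transitive dependency; confirm that, so builds resolve the pinned, checksummed version rather than whatever `~> 0.5` matches at fetch time. The deps list starts and ends outside the hunk.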

2
test/service/metadata/utils_test.exs

@ -17,7 +17,7 @@ defmodule Mobilizon.Service.Metadata.UtilsTest do
"<h1>Biography</h1><p>It all started when someone wanted a <b>very long string</b> to be cut. However it's difficult to invent things to write when you've got nothing to say. Anyway, what's the deal here. We just need to reach 200 characters.",
"fr"
) ==
"Biography It all started when someone wanted a very long string to be cut. However it&#39;s difficult to invent things to write when you&#39;ve got nothing to say. Anyway, what&#39;s the deal here. We…"
"Biography It all started when someone wanted a very long string to be cut. However it's difficult to invent things to write when you've got nothing to say. Anyway, what's the deal here. We just need to"
end
test "process_description/3 returns default if no description is provided" do
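Review bot: The expectation with decoded apostrophes ends in `We just need to` with no trailing `…`, although the input continues (`reach 200 characters.`) and the other expectation ends in `We…`. If that is not an artifact of how this page renders the line, check that the truncation marker is still appended once entities are decoded before slicing. The test body starts above the hunk.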
