Merge pull request from GHSA-2693-xr3m-jhqr

author: Claire <claire.github-309c@sitedethib.com> 2023-09-19 16:53:21 +0200
committer: Starfall <us@starfall.systems> 2023-09-19 20:36:51 -0500
commit: 6bf40f67f5af6ea0f5c935d43c3c1863c428f91c (patch)
tree: 01647d6860d30230386327daff4f5d93dcfb8ea1
parent: a9de0735d2ad2fc615169507ba6215fa17da8c18 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/app/services/translate_status_service.rb b/app/services/translate_status_service.rb
index 796f13a0d..ce81eaa63 100644
--- a/app/services/translate_status_service.rb
+++ b/app/services/translate_status_service.rb
@@ -12,7 +12,9 @@ class TranslateStatusService < BaseService
 
     raise Mastodon::NotPermittedError unless permitted?
 
-    Rails.cache.fetch("translations/#{@status.language}/#{@target_language}/#{content_hash}", expires_in: CACHE_TTL) { translation_backend.translate(@content, @status.language, @target_language) }
+    Rails.cache.fetch("translations/#{@status.language}/#{@target_language}/#{content_hash}", expires_in: CACHE_TTL) do
+      Sanitize.fragment(translation_backend.translate(@content, @status.language, @target_language), Sanitize::Config::MASTODON_STRICT)
+    end
   end
 
   private
author	Claire <claire.github-309c@sitedethib.com>	2023-09-19 16:53:21 +0200
committer	Starfall <us@starfall.systems>	2023-09-19 20:36:51 -0500
commit	6bf40f67f5af6ea0f5c935d43c3c1863c428f91c (patch)
tree	01647d6860d30230386327daff4f5d93dcfb8ea1
parent	a9de0735d2ad2fc615169507ba6215fa17da8c18 (diff)