diff options
author | Thibaut Girka <thib@sitedethib.com> | 2019-05-21 22:57:59 +0200 |
---|---|---|
committer | ThibG <thib@sitedethib.com> | 2019-05-21 23:12:43 +0200 |
commit | 2332b3f146b0d879daba8a99bd35c8bf425edea3 (patch) | |
tree | 18683af415e6b90aba8bbb0b975c778b168c6a77 /app | |
parent | 4fbce23992c48314f581e07804360a5e14f915b8 (diff) |
Fix local text/html toots not being sanitized
Diffstat (limited to 'app')
-rw-r--r-- | app/lib/formatter.rb | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/app/lib/formatter.rb b/app/lib/formatter.rb index 78a0e9f25..a099ff728 100644 --- a/app/lib/formatter.rb +++ b/app/lib/formatter.rb @@ -61,7 +61,9 @@ class Formatter html = encode_and_link_urls(html, linkable_accounts, keep_html: %w(text/markdown text/html).include?(status.content_type)) html = encode_custom_emojis(html, status.emojis, options[:autoplay]) if options[:custom_emojify] - unless %w(text/markdown text/html).include?(status.content_type) + if %w(text/markdown text/html).include?(status.content_type) + html = reformat(html) + else html = simple_format(html, {}, sanitize: false) html = html.delete("\n") end @@ -70,7 +72,7 @@ class Formatter end def format_markdown(html) - html = reformat(markdown_formatter.render(html)) + html = markdown_formatter.render(html) html.delete("\r").delete("\n") end |