From 6bf40f67f5af6ea0f5c935d43c3c1863c428f91c Mon Sep 17 00:00:00 2001
From: Claire
Date: Tue, 19 Sep 2023 16:53:21 +0200
Subject: Merge pull request from GHSA-2693-xr3m-jhqr

---
 app/services/translate_status_service.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/services/translate_status_service.rb b/app/services/translate_status_service.rb
index 796f13a0d..ce81eaa63 100644
--- a/app/services/translate_status_service.rb
+++ b/app/services/translate_status_service.rb
@@ -12,7 +12,9 @@ class TranslateStatusService < BaseService
 
 raise Mastodon::NotPermittedError unless permitted?
 
- Rails.cache.fetch("translations/#{@status.language}/#{@target_language}/#{content_hash}", expires_in: CACHE_TTL) { translation_backend.translate(@content, @status.language, @target_language) }
+ Rails.cache.fetch("translations/#{@status.language}/#{@target_language}/#{content_hash}", expires_in: CACHE_TTL) do
+ Sanitize.fragment(translation_backend.translate(@content, @status.language, @target_language), Sanitize::Config::MASTODON_STRICT)
+ end
 end
 
 private
-- cgit
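Review bot: The cache key on the new `Rails.cache.fetch` line is identical to the old one, so `Sanitize.fragment` runs only on a cache miss, and any translation stored before this commit would still be served unsanitized until its entry expires (CACHE_TTL is defined outside the hunk). Versioning the key would retire those entries at deploy time, e.g. `Rails.cache.fetch("v2:translations/#{@status.language}/#{@target_language}/#{content_hash}", expires_in: CACHE_TTL) do`; alternatively the existing `translations/*` entries can be cleared as a deployment step. A short comment above the block, such as `# Backend output is untrusted HTML; sanitize before it is cached`, would also record why the call is there. The enclosing method starts above the hunk, so what callers do with the returned value is not visible here.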