Restore markdown quotes after sanitize (#3708) (#3749)
authorNutomic <me@nutomic.com>
Fri, 28 Jul 2023 12:23:46 +0000 (14:23 +0200)
committerGitHub <noreply@github.com>
Fri, 28 Jul 2023 12:23:46 +0000 (08:23 -0400)
crates/api_common/src/utils.rs

index 8ccb7d3fed5dc482d00b73af1a8283dad9ad47dd..5a678191bb2cfdf7bab72c98f81f38b698627292 100644 (file)
@@ -798,10 +798,12 @@ pub fn generate_moderators_url(community_id: &DbUrl) -> Result<DbUrl, LemmyError
 /// Sanitize HTML with default options. Additionally, dont allow bypassing markdown
 /// links and images
 pub fn sanitize_html(data: &str) -> String {
-  ammonia::Builder::default()
+  let sanitized = ammonia::Builder::default()
     .rm_tags(&["a", "img"])
     .clean(data)
-    .to_string()
+    .to_string();
+  // restore markdown quotes
+  sanitized.replace("&gt;", ">")
 }
 
 pub fn sanitize_html_opt(data: &Option<String>) -> Option<String> {