traits::Object,
};
use chrono::NaiveDateTime;
-use lemmy_api_common::{context::LemmyContext, utils::check_person_block};
+use lemmy_api_common::{
+ context::LemmyContext,
+ utils::{check_person_block, sanitize_html},
+};
use lemmy_db_schema::{
source::{
person::Person,
let recipient = note.to[0].dereference(context).await?;
check_person_block(creator.id, recipient.id, &mut context.pool()).await?;
+ let content = read_from_string_or_source(¬e.content, &None, ¬e.source);
+ let content = sanitize_html(&content);
+
let form = PrivateMessageInsertForm {
creator_id: creator.id,
recipient_id: recipient.id,
- content: read_from_string_or_source(¬e.content, &None, ¬e.source),
+ content,
published: note.published.map(|u| u.naive_local()),
updated: note.updated.map(|u| u.naive_local()),
deleted: Some(false),