Sanitize html (#3708)

[lemmy.git] / crates / api_crud / src / community / create.rs

diff --git a/crates/api_crud/src/community/create.rs b/crates/api_crud/src/community/create.rs
index 77ab833b9116a2ac37f4e8a5629e76c1c7b2ceed..7c84a21502bfa68067cc3a637c280fb0b6f25af6 100644 (file)
--- a/crates/api_crud/src/community/create.rs
+++ b/crates/api_crud/src/community/create.rs
@@ -13,6 +13,8 @@ use lemmy_api_common::{
     is_admin,
     local_site_to_slur_regex,
     local_user_view_from_jwt,
+    sanitize_html,
+    sanitize_html_opt,
     EndpointType,
   },
 };
@@ -59,10 +61,14 @@ impl PerformCrud for CreateCommunity {
     let icon = diesel_option_overwrite_to_url_create(&data.icon)?;
     let banner = diesel_option_overwrite_to_url_create(&data.banner)?;
 
+    let name = sanitize_html(&data.name);
+    let title = sanitize_html(&data.title);
+    let description = sanitize_html_opt(&data.description);
+
     let slur_regex = local_site_to_slur_regex(&local_site);
-    check_slurs(&data.name, &slur_regex)?;
-    check_slurs(&data.title, &slur_regex)?;
-    check_slurs_opt(&data.description, &slur_regex)?;
+    check_slurs(&name, &slur_regex)?;
+    check_slurs(&title, &slur_regex)?;
+    check_slurs_opt(&description, &slur_regex)?;
 
     is_valid_actor_name(&data.name, local_site.actor_name_max_length as usize)?;
     is_valid_body_field(&data.description, false)?;
@@ -83,9 +89,9 @@ impl PerformCrud for CreateCommunity {
     let keypair = generate_actor_keypair()?;
 
     let community_form = CommunityInsertForm::builder()
-      .name(data.name.clone())
-      .title(data.title.clone())
-      .description(data.description.clone())
+      .name(name)
+      .title(title)
+      .description(description)
       .icon(icon)
       .banner(banner)
       .nsfw(data.nsfw)