Sanitize html (#3708)
[lemmy.git] / crates / api_crud / src / community / update.rs
index 62c3776f4ae27c8995669ab4729fd5e2489cc8a3..128be036fd241529c64e4d76a7907b0c77ecea4e 100644 (file)
@@ -4,7 +4,7 @@ use lemmy_api_common::{
   build_response::build_community_response,
   community::{CommunityResponse, EditCommunity},
   context::LemmyContext,
-  utils::{local_site_to_slur_regex, local_user_view_from_jwt},
+  utils::{local_site_to_slur_regex, local_user_view_from_jwt, sanitize_html_opt},
 };
 use lemmy_db_schema::{
   newtypes::PersonId,
@@ -32,15 +32,18 @@ impl PerformCrud for EditCommunity {
     let local_user_view = local_user_view_from_jwt(&data.auth, context).await?;
     let local_site = LocalSite::read(&mut context.pool()).await?;
 
-    let icon = diesel_option_overwrite_to_url(&data.icon)?;
-    let banner = diesel_option_overwrite_to_url(&data.banner)?;
-    let description = diesel_option_overwrite(&data.description);
-
     let slur_regex = local_site_to_slur_regex(&local_site);
     check_slurs_opt(&data.title, &slur_regex)?;
     check_slurs_opt(&data.description, &slur_regex)?;
     is_valid_body_field(&data.description, false)?;
 
+    let title = sanitize_html_opt(&data.title);
+    let description = sanitize_html_opt(&data.description);
+
+    let icon = diesel_option_overwrite_to_url(&data.icon)?;
+    let banner = diesel_option_overwrite_to_url(&data.banner)?;
+    let description = diesel_option_overwrite(description);
+
     // Verify its a mod (only mods can edit it)
     let community_id = data.community_id;
     let mods: Vec<PersonId> =
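Review bot: The slur and body-length checks still run on the raw `data.title` / `data.description`, while the values written to the database are the output of `sanitize_html_opt`, so the text that is validated is not the text that is stored. If the sanitizer escapes or strips anything (its implementation is not visible in this diff), the stored description can differ in length and content from what `is_valid_body_field` and `check_slurs_opt` approved. Moving the two `sanitize_html_opt` calls above the checks and validating their results would close that gap, e.g. `check_slurs_opt(&title, &slur_regex)?;`, `check_slurs_opt(&description, &slur_regex)?;`, `is_valid_body_field(&description, false)?;`, assuming the helper returns `Option<String>`. It is also worth confirming that a description which sanitizes down to an empty string is meant to reach `diesel_option_overwrite`, which may treat it differently from an untouched value. The enclosing `perform` body starts and ends outside this hunk.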
@@ -64,7 +67,7 @@ impl PerformCrud for EditCommunity {
     }
 
     let community_form = CommunityUpdateForm::builder()
-      .title(data.title.clone())
+      .title(title)
       .description(description)
       .icon(icon)
       .banner(banner)