local_site_to_slur_regex,
local_user_view_from_jwt,
mark_post_as_read,
+ sanitize_html,
+ sanitize_html_opt,
EndpointType,
},
};
.map(|u| (u.title, u.description, u.embed_video_url))
.unwrap_or_default();
+ let name = sanitize_html(data.name.trim());
+ let body = sanitize_html_opt(&data.body);
+ let embed_title = sanitize_html_opt(&embed_title);
+ let embed_description = sanitize_html_opt(&embed_description);
+
// Only need to check if language is allowed in case user set it explicitly. When using default
// language, it already only returns allowed languages.
CommunityLanguage::is_allowed_community_language(
};
let post_form = PostInsertForm::builder()
- .name(data.name.trim().to_owned())
+ .name(name)
.url(url)
- .body(data.body.clone())
+ .body(body)
.community_id(data.community_id)
.creator_id(local_user_view.person.id)
.nsfw(data.nsfw)