Sanitize html (#3708)

[lemmy.git] / crates / apub / src / objects / post.rs

diff --git a/crates/apub/src/objects/post.rs b/crates/apub/src/objects/post.rs
index 48b573d30ab0dfdfd58398cdd2159ce7ee266a85..f04e07ded3b9961ad39e36720133946dc3d89e9d 100644 (file)
--- a/crates/apub/src/objects/post.rs
+++ b/crates/apub/src/objects/post.rs
@@ -25,7 +25,13 @@ use html2md::parse_html;
 use lemmy_api_common::{
   context::LemmyContext,
   request::fetch_site_data,
-  utils::{is_mod_or_admin, local_site_opt_to_sensitive, local_site_opt_to_slur_regex},
+  utils::{
+    is_mod_or_admin,
+    local_site_opt_to_sensitive,
+    local_site_opt_to_slur_regex,
+    sanitize_html,
+    sanitize_html_opt,
+  },
 };
 use lemmy_db_schema::{
   self,
@@ -228,6 +234,10 @@ impl Object for ApubPost {
       let language_id =
         LanguageTag::to_language_id_single(page.language, &mut context.pool()).await?;
 
+      let name = sanitize_html(&name);
+      let embed_title = sanitize_html_opt(&embed_title);
+      let embed_description = sanitize_html_opt(&embed_description);
+
       PostInsertForm {
         name,
         url: url.map(Into::into),