Sanitize html (#3708)

[lemmy.git] / crates / apub / src / objects / post.rs

diff --git a/crates/apub/src/objects/post.rs b/crates/apub/src/objects/post.rs
index d252a8ea745c76e272042d1b44239c2606c8affe..f04e07ded3b9961ad39e36720133946dc3d89e9d 100644 (file)
--- a/crates/apub/src/objects/post.rs
+++ b/crates/apub/src/objects/post.rs
@@ -25,7 +25,13 @@ use html2md::parse_html;
 use lemmy_api_common::{
   context::LemmyContext,
   request::fetch_site_data,
-  utils::{is_mod_or_admin, local_site_opt_to_sensitive, local_site_opt_to_slur_regex},
+  utils::{
+    is_mod_or_admin,
+    local_site_opt_to_sensitive,
+    local_site_opt_to_slur_regex,
+    sanitize_html,
+    sanitize_html_opt,
+  },
 };
 use lemmy_db_schema::{
   self,
@@ -228,6 +234,10 @@ impl Object for ApubPost {
       let language_id =
         LanguageTag::to_language_id_single(page.language, &mut context.pool()).await?;
 
+      let name = sanitize_html(&name);
+      let embed_title = sanitize_html_opt(&embed_title);
+      let embed_description = sanitize_html_opt(&embed_description);
+
       PostInsertForm {
         name,
         url: url.map(Into::into),
@@ -280,6 +290,9 @@ impl Object for ApubPost {
 
 #[cfg(test)]
 mod tests {
+  #![allow(clippy::unwrap_used)]
+  #![allow(clippy::indexing_slicing)]
+
   use super::*;
   use crate::{
     objects::{