X-Git-Url: http://these/git/?a=blobdiff_plain;f=crates%2Fapi%2Fsrc%2Fcomment_report%2Fcreate.rs;h=190e47a1e5d2a1247eb3b4e6a3e46a2566a74414;hb=3471f3533cb724b2cf6953d563aadfcc9f66c1d2;hp=3a89e1014b977aef488c93262f2cfdcdc8c68800;hpb=1d38aad9d3d51ef606074d5b49a8030c49dd0e9e;p=lemmy.git

diff --git a/crates/api/src/comment_report/create.rs b/crates/api/src/comment_report/create.rs
index 3a89e101..190e47a1 100644
--- a/crates/api/src/comment_report/create.rs
+++ b/crates/api/src/comment_report/create.rs
@@ -3,7 +3,12 @@ use actix_web::web::Data;
 use lemmy_api_common::{
   comment::{CommentReportResponse, CreateCommentReport},
   context::LemmyContext,
-  utils::{check_community_ban, local_user_view_from_jwt, send_new_report_email_to_admins},
+  utils::{
+    check_community_ban,
+    local_user_view_from_jwt,
+    sanitize_html,
+    send_new_report_email_to_admins,
+  },
 };
 use lemmy_db_schema::{
   source::{
@@ -29,8 +34,8 @@ impl Perform for CreateCommentReport {
     let local_user_view = local_user_view_from_jwt(&data.auth, context).await?;
     let local_site = LocalSite::read(&mut context.pool()).await?;
 
-    let reason = self.reason.trim();
-    check_report_reason(reason, &local_site)?;
+    let reason = sanitize_html(self.reason.trim());
+    check_report_reason(&reason, &local_site)?;
 
     let person_id = local_user_view.person.id;
     let comment_id = data.comment_id;
@@ -42,7 +47,7 @@ impl Perform for CreateCommentReport {
       creator_id: person_id,
       comment_id,
       original_comment_text: comment_view.comment.content,
-      reason: reason.to_owned(),
+      reason,
     };
 
     let report = CommentReport::report(&mut context.pool(), &report_form)