From 66e78c3ec4e524a31a4c12f4dbe682ccbbc0025d Mon Sep 17 00:00:00 2001
From: eal
Date: Sat, 18 Nov 2017 14:43:41 +0200
Subject: Escape HTML instead of discarding it.
---
 lib/pleroma/web/common_api/utils.ex | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex
index 83a656011..21b6226b1 100644
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@@ -58,7 +58,8 @@ defmodule Pleroma.Web.CommonAPI.Utils do
   end
 
   def format_input(text, mentions, tags) do
-    HtmlSanitizeEx.strip_tags(text)
+    Phoenix.HTML.html_escape(text)
+    |> elem(1)
     |> Formatter.linkify
     |> String.replace("\n", "
\n")
     |> add_user_links(mentions)
-- cgit v1.2.3
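Review bot: `elem(1)` on the `{:safe, _}` tuple returned by `Phoenix.HTML.html_escape/1` hands downstream whatever the escaper produced, which depending on the Phoenix.HTML version is iodata rather than a binary, while `String.replace/3` two lines below (and presumably `Formatter.linkify`) requires a binary. The documented way to unwrap a safe value is `Phoenix.HTML.safe_to_string/1`, which also normalizes to a binary, so the two added lines become `text |> Phoenix.HTML.html_escape() |> Phoenix.HTML.safe_to_string()` and the pipeline starts from a bare value as convention prefers. Escaping before linkification also means any `&` inside a URL in the input is already `&amp;` when `Formatter.linkify` sees it, so a test that a link with a query string still round-trips would be worth adding. A one-line comment at the escape step, `# escape untrusted user text exactly once, before the formatters below emit their own markup`, would record that callers must not escape the result again. `format_input`'s body continues past the end of the hunk.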