From 8feec8d390f34114c5f42faf366f899a2b4af9fb Mon Sep 17 00:00:00 2001
From: Roger Braun <roger@rogerbraun.net>
Date: Sun, 18 Jun 2017 13:40:35 +0200
Subject: Strip unsafe html on output in TwAPI.

---
 lib/pleroma/web/twitter_api/representers/activity_representer.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/twitter_api/representers/activity_representer.ex b/lib/pleroma/web/twitter_api/representers/activity_representer.ex
index ade200268..6f22e45fa 100644
--- a/lib/pleroma/web/twitter_api/representers/activity_representer.ex
+++ b/lib/pleroma/web/twitter_api/representers/activity_representer.ex
@@ -105,7 +105,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter do
       "id" => activity.id,
       "user" => UserRepresenter.to_map(user, opts),
       "attentions" => [],
-      "statusnet_html" => content,
+      "statusnet_html" => HtmlSanitizeEx.basic_html(content),
       "text" => HtmlSanitizeEx.strip_tags(content),
       "is_local" => true,
       "is_post_verb" => true,
-- 
cgit v1.2.3