hamlab/mobilizon-frontend
2
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Correctly escape user-defined names in emails

Browse Source 
Closes #1151

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel
2022-10-31 13:00:45 +01:00
parent 695d773d50
commit 470a3e594b
28 changed files with 162 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/service/metadata/post.ex
View File

@@ -7,14 +7,16 @@ defimpl Mobilizon.Service.Metadata, for: Mobilizon.Posts.Post do
alias Mobilizon.Web.Endpoint
alias Mobilizon.Web.JsonLD.ObjectView
alias Mobilizon.Web.Router.Helpers, as: Routes
import Mobilizon.Service.Metadata.Utils, only: [process_description: 2, strip_tags: 1]
import Mobilizon.Service.Metadata.Utils,
only: [process_description: 2, strip_tags: 1, escape_text: 1]
def build_tags(%Post{} = post, locale \\ "en") do
post = Map.put(post, :body, process_description(post.body, locale))
tags =
[
Tag.tag(:meta, property: "og:title", content: post.title),
Tag.tag(:meta, property: "og:title", content: escape_text(post.title)),
Tag.tag(:meta, property: "og:url", content: post.url),
Tag.tag(:meta, property: "og:description", content: post.body),
Tag.tag(:meta, property: "og:type", content: "article"),
@@ -31,7 +33,7 @@ defimpl Mobilizon.Service.Metadata, for: Mobilizon.Posts.Post do
%{
"@type" => "ListItem",
"position" => 1,
"name" => Actor.display_name(post.attributed_to),
"name" => post.attributed_to |> Actor.display_name() |> escape_text,
"item" =>
Endpoint
|> Routes.page_url(