Merge branch 'bug/fix-XSS-on-event-title' into 'master'

Make sure title is properly sanitized

Closes #247

See merge request framasoft/mobilizon!281
Thomas Citharel
2019-10-16 19:17:27 +02:00
3 changed files with 62 additions and 1 deletions


@@ -73,7 +73,7 @@ defmodule MobilizonWeb.API.Events do
defp prepare_args(args) do
with %Actor{} = organizer_actor <- Map.get(args, :organizer_actor),
title <- args |> Map.get(:title, "") |> String.trim(),
title <- args |> Map.get(:title, "") |> HtmlSanitizeEx.strip_tags() |> String.trim(),
visibility <- Map.get(args, :visibility, :public),
description <- Map.get(args, :description),
tags <- Map.get(args, :tags),