Drop HTMLSanitizeEx and fix title sanitizing

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-06-24 16:33:59 +02:00
parent 0f489757f7
commit 83aa005faf
12 changed files with 40 additions and 17 deletions
--- a/lib/service/metadata/event.ex
+++ b/lib/service/metadata/event.ex
@@ -2,6 +2,7 @@ defimpl Mobilizon.Service.Metadata, for: Mobilizon.Events.Event do
  alias Phoenix.HTML
  alias Phoenix.HTML.Tag
  alias Mobilizon.Events.Event
+  alias Mobilizon.Service.Formatter.HTML, as: HTMLFormatter
  alias Mobilizon.Web.JsonLD.ObjectView
  alias Mobilizon.Web.MediaProxy
  import Mobilizon.Web.Gettext
@@ -49,15 +50,15 @@ defimpl Mobilizon.Service.Metadata, for: Mobilizon.Events.Event do

  defp process_description(description, _locale) do
    description
-    |> HtmlSanitizeEx.strip_tags()
+    |> HTMLFormatter.strip_tags()
    |> String.slice(0..200)
    |> (&"#{&1}…").()
  end

  # Insert JSON-LD schema by hand because Tag.content_tag wants to escape it
-  defp json(%Event{} = event) do
+  defp json(%Event{title: title} = event) do
    "event.json"
-    |> ObjectView.render(%{event: event})
+    |> ObjectView.render(%{event: %{event | title: HTMLFormatter.strip_tags(title)}})
    |> Jason.encode!()
  end
 end
--- a/lib/service/metadata/instance.ex
+++ b/lib/service/metadata/instance.ex
@@ -7,6 +7,7 @@ defmodule Mobilizon.Service.Metadata.Instance do
  alias Phoenix.HTML.Tag

  alias Mobilizon.Config
+  alias Mobilizon.Service.Formatter.HTML, as: HTMLFormatter
  alias Mobilizon.Web.Endpoint

  def build_tags do
@@ -40,7 +41,7 @@ defmodule Mobilizon.Service.Metadata.Instance do

  defp process_description(description) do
    description
-    |> HtmlSanitizeEx.strip_tags()
+    |> HTMLFormatter.strip_tags()
    |> String.slice(0..200)
    |> (&"#{&1}…").()
  end