Sanitize preview cards at render time

author Claire <claire.github-309c@sitedethib.com>

Wed, 7 Jun 2023 08:55:21 +0000 (10:55 +0200)

committer Claire <claire.github-309c@sitedethib.com>

Thu, 6 Jul 2023 13:43:16 +0000 (15:43 +0200)
author Claire <claire.github-309c@sitedethib.com>
Wed, 7 Jun 2023 08:55:21 +0000 (10:55 +0200)
committer Claire <claire.github-309c@sitedethib.com>
Thu, 6 Jul 2023 13:43:16 +0000 (15:43 +0200)
diff --git a/app/serializers/rest/preview_card_serializer.rb b/app/serializers/rest/preview_card_serializer.rb

index 66ff47d22ea50e2ef8cbce7e9e41e5ad6052df02..e6d204fec3c07682551cf2510f16910e986e656c 100644 (file)
--- a/app/serializers/rest/preview_card_serializer.rb
+++ b/app/serializers/rest/preview_card_serializer.rb
@@ -11,4 +11,8 @@ class REST::PreviewCardSerializer < ActiveModel::Serializer
    def image
      object.image? ? full_asset_url(object.image.url(:original)) : nil
    end
+
+  def html
+    Sanitize.fragment(object.html, Sanitize::Config::MASTODON_OEMBED)
+  end
  end
author	Claire <claire.github-309c@sitedethib.com>
	Wed, 7 Jun 2023 08:55:21 +0000 (10:55 +0200)
committer	Claire <claire.github-309c@sitedethib.com>
	Thu, 6 Jul 2023 13:43:16 +0000 (15:43 +0200)