From: Claire <claire.github-309c@sitedethib.com>
Date: Wed, 7 Jun 2023 08:55:21 +0000 (+0200)
Subject: Sanitize preview cards at render time
X-Git-Url: https://git.xn--scling-oua.cat.family/?a=commitdiff_plain;h=fe8c6965f1482e1a0fb44b7a7dfec301fa4290b7;p=mastodon.git

Sanitize preview cards at render time

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
---

diff --git a/app/serializers/rest/preview_card_serializer.rb b/app/serializers/rest/preview_card_serializer.rb
index 66ff47d22..e6d204fec 100644
--- a/app/serializers/rest/preview_card_serializer.rb
+++ b/app/serializers/rest/preview_card_serializer.rb
@@ -11,4 +11,8 @@ class REST::PreviewCardSerializer < ActiveModel::Serializer
   def image
     object.image? ? full_asset_url(object.image.url(:original)) : nil
   end
+
+  def html
+    Sanitize.fragment(object.html, Sanitize::Config::MASTODON_OEMBED)
+  end
 end