From fe8c6965f1482e1a0fb44b7a7dfec301fa4290b7 Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Wed, 7 Jun 2023 10:55:21 +0200
Subject: [PATCH] Sanitize preview cards at render time

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
---
 app/serializers/rest/preview_card_serializer.rb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app/serializers/rest/preview_card_serializer.rb b/app/serializers/rest/preview_card_serializer.rb
index 66ff47d22..e6d204fec 100644
--- a/app/serializers/rest/preview_card_serializer.rb
+++ b/app/serializers/rest/preview_card_serializer.rb
@@ -11,4 +11,8 @@ class REST::PreviewCardSerializer < ActiveModel::Serializer
   def image
     object.image? ? full_asset_url(object.image.url(:original)) : nil
   end
+
+  def html
+    Sanitize.fragment(object.html, Sanitize::Config::MASTODON_OEMBED)
+  end
 end
-- 
2.47.3