Commit 8fcb9c42 authored by feld's avatar feld

Merge branch 'fix/escape-html' into 'develop'

Escape HTML from display name and subject fields

Closes #724

See merge request pleroma/pleroma-fe!1052
parents e73e235b 74641620
Pipeline #22652 passed with stages
in 9 minutes and 1 second
import escape from 'escape-html'
const qvitterStatusType = (status) => {
if (status.is_post_verb) {
return 'status'
......@@ -41,7 +43,7 @@ export const parseUser = (data) => {
}
output.name = data.display_name
output.name_html = addEmojis(data.display_name, data.emojis)
output.name_html = addEmojis(escape(data.display_name), data.emojis)
output.description = data.note
output.description_html = addEmojis(data.note, data.emojis)
......@@ -256,7 +258,7 @@ export const parseStatus = (data) => {
output.retweeted_status = parseStatus(data.reblog)
}
output.summary_html = addEmojis(data.spoiler_text, data.emojis)
output.summary_html = addEmojis(escape(data.spoiler_text), data.emojis)
output.external_url = data.url
output.poll = data.poll
output.pinned = data.pinned
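Review bot: Escaping is applied at the two call sites for `name_html` and `summary_html`, while the adjacent `output.description_html = addEmojis(data.note, data.emojis)` in parseUser still passes remote content through unchanged. That is only safe if `data.note` arrives as HTML already sanitized by the backend, so a comment such as `// note is server-sanitized HTML; display_name and spoiler_text are plain text and must be escaped before use as *_html` would record why the fields are treated differently. Separately, `escape-html` coerces its argument to a string, so if the API can omit either field the result would be the literal text `undefined`; `escape(data.spoiler_text || '')` and the same for `display_name` would avoid that. The bodies of parseUser and parseStatus continue outside these hunks, and addEmojis is not visible, so how it handles the emoji shortcode and URL it inserts into the markup could not be checked here.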
......
......@@ -2757,9 +2757,10 @@ es6-promisify@^5.0.0:
dependencies:
es6-promise "^4.0.3"
escape-html@~1.0.3:
escape-html@^1.0.3, escape-html@~1.0.3:
version "1.0.3"
resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988"
integrity sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg=
escape-string-regexp@1.0.5, escape-string-regexp@^1.0.2, escape-string-regexp@^1.0.5:
version "1.0.5"
......