From 8aa3f0d9afe66b811fa551e26db0ac0a1ab07cba Mon Sep 17 00:00:00 2001
From: rimu <3310831+rimu@users.noreply.github.com>
Date: Thu, 18 Jan 2024 15:15:10 +1300
Subject: [PATCH] handle unescaped html in post titles
---
 app/activitypub/util.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/app/activitypub/util.py b/app/activitypub/util.py
index 66496dbb..d52ed9b9 100644
--- a/app/activitypub/util.py
+++ b/app/activitypub/util.py
@@ -1,5 +1,6 @@
 from __future__ import annotations
+import html
 import os
 from datetime import timedelta
 from random import randint
@@ -432,7 +433,7 @@ def actor_json_to_model(activity_json, address, server):
 def post_json_to_model(post_json, user, community) -> Post:
 post = Post(user_id=user.id, community_id=community.id,
- title=post_json['name'].replace('&', '&'),
+ title=html.unescape(post_json['name']),
 comments_enabled=post_json['commentsEnabled'],
 sticky=post_json['stickied'] if 'stickied' in post_json else False,
 nsfw=post_json['sensitive'],
@@ -987,7 +988,7 @@ def create_post_reply(activity_log: ActivityPubLog, community: Community, in_rep
 def create_post(activity_log: ActivityPubLog, community: Community, request_json: dict, user: User, announce_id=None) -> Union[Post, None]:
 post = Post(user_id=user.id, community_id=community.id,
- title=request_json['object']['name'].replace('&', '&'),
+ title=html.unescape(request_json['object']['name']),
 comments_enabled=request_json['object']['commentsEnabled'],
 sticky=request_json['object']['stickied'] if 'stickied' in request_json['object'] else False,
 nsfw=request_json['object']['sensitive'],
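Review bot: `html.unescape()` on the `title=` line of `post_json_to_model` (and the identical change in `create_post`) decodes every entity in a remote-supplied `name`, so a federated title carrying `&lt;script&gt;` is now stored as a literal `<script>`, where the removed `.replace()` only touched ampersands. That is safe only if every place that outputs `post.title` treats it as plain text and escapes it. Those sinks (templates, feeds, notification mail, outbound ActivityPub JSON) are not visible in this patch, so it is worth confirming none of them emits the title unescaped, for instance through a `|safe` filter. A comment at both call sites such as `# title is stored as decoded plain text; it must be HTML-escaped wherever it is rendered` would record that contract. Both enclosing functions continue outside their hunks.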