Decode HTML entities when sanitized

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-29 19:26:49 +02:00 · 2021-03-29 19:26:49 +02:00 · 8e6aa8c85c
parent 69339700cd
commit 8e6aa8c85c
3 changed files with 3 additions and 2 deletions
--- a/lib/service/formatter/html.ex
+++ b/lib/service/formatter/html.ex
@ -17,7 +17,7 @@ defmodule Mobilizon.Service.Formatter.HTML do
  def strip_tags(html) do
    case FastSanitize.strip_tags(html) do
      {:ok, html} ->
-        html
+        HtmlEntities.decode(html)
      _ ->
        raise "Failed to filter tags"
--- a/mix.exs
+++ b/mix.exs
@ -142,6 +142,7 @@ defmodule Mobilizon.Mixfile do
      {:ex_cldr_languages, "~> 0.2.1"},
      {:slugger, "~> 0.3"},
      {:sentry, "~> 8.0"},
      {:html_entities, "~> 0.5"},
      # Dev and test dependencies
      {:phoenix_live_reload, "~> 1.2", only: [:dev, :e2e]},
      {:ex_machina, "~> 2.3", only: [:dev, :test]},
--- a/test/service/metadata/utils_test.exs
+++ b/test/service/metadata/utils_test.exs
@ -17,7 +17,7 @@ defmodule Mobilizon.Service.Metadata.UtilsTest do
               "<h1>Biography</h1><p>It all started when someone wanted a <b>very long string</b> to be cut. However it's difficult to invent things to write when you've got nothing to say. Anyway, what's the deal here. We just need to reach 200 characters.",
               "fr"
             ) ==
-               "Biography It all started when someone wanted a very long string to be cut. However it&#39;s difficult to invent things to write when you&#39;ve got nothing to say. Anyway, what&#39;s the deal here. We…"
+               "Biography It all started when someone wanted a very long string to be cut. However it's difficult to invent things to write when you've got nothing to say. Anyway, what's the deal here. We just need to…"
    end
    test "process_description/3 returns default if no description is provided" do