go-fed / apcore

Golang ActivityPub Server Framework
GNU Affero General Public License v3.0

Sanitize content and summary XML fields (possible XSS) #63

Closed zauberstuhl closed 3 years ago

zauberstuhl commented 3 years ago

This is something I implemented on my fork because XSS is possible from federated and local posts. Obviously that only covers a small part but it is a start.

If you don't want it because this is supposed to be an example-only-repo. Close the pull request. I am fine with both :)
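
An added example, not code from this pull request or from the apcore/go-fed projects, of the kind of allowlist sanitizer the PR calls for, run over a Note's `content` (the same treatment applies to `summary`). A constructed federated post carrying several XSS vectors is shown beside its sanitized form. Every identifier (`Sanitize`, `allowedTags`, `safeURL`, the sample note) and the allowlist itself are this example's own choices, not apcore's.

```go
package main

import (
	"fmt"
	"html"
	"net/url"
	"regexp"
	"strings"
)

// constructedNote is a made-up ActivityPub Note "content" value as a remote instance could deliver it.
const constructedNote = `<p>Hello <b onmouseover="alert(1)">world</b>!<img src=x onerror="alert(document.cookie)">` +
	`<script>alert(2)</script><a href="javascript:alert(3)">click</a> ` +
	`<a href="https://example.org/?a=1&b=2">link</a></p>`

// allowedTags is the element allowlist; <a> keeps href (after a scheme check), nothing else keeps any attribute.
var allowedTags = map[string]bool{"p": true, "br": true, "b": true, "i": true, "em": true, "strong": true, "a": true}

// attrRE tokenizes name, name=value and name="value" pairs; Go's RE2 engine is linear-time on hostile input.
var attrRE = regexp.MustCompile(`([^\s"'=/]+)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?`)

// Sanitize rewrites untrusted HTML: allowlisted tags are canonicalized, other tags are dropped, text is re-escaped.
func Sanitize(content string) string {
	var out strings.Builder
	for lt := strings.IndexByte(content, '<'); lt >= 0; lt = strings.IndexByte(content, '<') {
		gt := findTagEnd(content[lt:])
		if gt < 0 { // a lone '<' or an unterminated tag is emitted as escaped text
			out.WriteString(escapeText(content[:lt+1]))
			content = content[lt+1:]
			continue
		}
		out.WriteString(escapeText(content[:lt]))
		out.WriteString(rewriteTag(content[lt+1 : lt+gt]))
		content = content[lt+gt+1:]
	}
	out.WriteString(escapeText(content))
	return out.String()
}

// escapeText decodes entities first so "&lt;script&gt;" cannot be smuggled through double-encoding.
func escapeText(s string) string { return html.EscapeString(html.UnescapeString(s)) }

// findTagEnd returns the index of the '>' closing the tag at s[0], skipping '>' inside quoted values, or -1.
func findTagEnd(s string) int {
	if len(s) < 2 || !(s[1] == '/' || s[1] == '!' || s[1] == '?' || 'a' <= s[1]|0x20 && s[1]|0x20 <= 'z') {
		return -1 // per the HTML tokenizer, '<' not followed by a letter, '/', '!' or '?' is plain text
	}
	var quote byte
	for i := 2; i < len(s); i++ {
		switch c := s[i]; {
		case quote != 0 && c == quote:
			quote = 0
		case quote == 0 && (c == '"' || c == '\''):
			quote = c
		case quote == 0 && c == '>':
			return i
		}
	}
	return -1
}

// rewriteTag canonicalizes the text between '<' and '>' into an allowlisted tag, or "" to drop it.
func rewriteTag(inner string) string {
	closing := strings.HasPrefix(inner, "/")
	inner = strings.TrimPrefix(inner, "/")
	n := strings.IndexAny(inner+" ", " \t\r\n/=") // the appended space guarantees a hit: n is the name length
	name := strings.ToLower(inner[:n])
	if !allowedTags[name] { // <script>, <img>, <!-- -->, <?xml ?> and anything unknown
		return ""
	}
	if closing {
		return "</" + name + ">"
	}
	if href, ok := parseAttrs(inner[n:])["href"]; ok && name == "a" && safeURL(href) {
		return `<a href="` + html.EscapeString(href) + `" rel="nofollow noopener">`
	}
	return "<" + name + ">" // every other attribute (on*, style, ...) is discarded
}

// parseAttrs entity-decodes attribute values so safeURL sees the real URL, not "&#106;avascript:".
func parseAttrs(s string) map[string]string {
	attrs := map[string]string{}
	for _, m := range attrRE.FindAllStringSubmatch(s, -1) {
		attrs[strings.ToLower(m[1])] = html.UnescapeString(m[2] + m[3] + m[4])
	}
	return attrs
}

// safeURL accepts only absolute http(s)/mailto links; javascript:, data:, vbscript: and scheme-less values fail.
func safeURL(raw string) bool {
	u, err := url.Parse(strings.TrimSpace(raw))
	return err == nil && (u.Scheme == "http" || u.Scheme == "https" || u.Scheme == "mailto")
}

func main() { fmt.Println(Sanitize(constructedNote)) }
```

In a Go server it is the output of `Sanitize`, never the raw field, that may be wrapped in `template.HTML` before rendering; wrapping the stored content directly is what lets a federated payload execute. Two deliberate limits of this example: a dropped element loses only its tags, so `<script>alert(2)</script>` comes out as the harmless text `alert(2)`, and the allowlist is small. A server that needs richer formatting should use a maintained sanitizer library (bluemonday is the usual choice in Go) rather than grow this one.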

cjslep commented 3 years ago

Thank you so much! I've created #69 to start the conversation on how to solve the problem holistically -- and hopefully in a way such that repeated code is not needed.