B Preload: Make sure that the preloaded json is html safe

2024-11-05 16:39:47 +00:00 · 2023-06-02 17:03:21 +04:00 · 2023-06-02 17:03:21 +04:00 · cbc5b8cebd
commit cbc5b8cebd
parent e8d3525665
1 changed files with 2 additions and 2 deletions
--- a/lib/pleroma/web/preload.ex
+++ b/lib/pleroma/web/preload.ex
@ -11,7 +11,7 @@ defmodule Pleroma.Web.Preload do
        terms =
          params
          |> parser.generate_terms()
-          |> Enum.map(fn {k, v} -> {k, Base.encode64(Jason.encode!(v))} end)
+          |> Enum.map(fn {k, v} -> {k, Base.encode64(Jason.encode!(v, escape: :html_safe))} end)
          |> Enum.into(%{})

        Map.merge(acc, terms)
@ -19,7 +19,7 @@ defmodule Pleroma.Web.Preload do

    rendered_html =
      preload_data
-      |> Jason.encode!()
+      |> Jason.encode!(escape: :html_safe)
      |> build_script_tag()
      |> HTML.safe_to_string()