Merge pull request from GHSA-2693-xr3m-jhqr

author: Claire <claire.github-309c@sitedethib.com> 2023-09-19 16:53:21 +0200
committer: GitHub <noreply@github.com> 2023-09-19 16:53:21 +0200
commit: 5f9511c389041570d21c383ce07dd2786df9cc2d (patch)
tree: a18cb0cd7c303a0b525e4148a04910af21bbe677
parent: 38a5d92f3814b071803c046144d94643a3ecb934 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/app/services/translate_status_service.rb b/app/services/translate_status_service.rb
index 539a0d9db5f..b905f8158ad 100644
--- a/app/services/translate_status_service.rb
+++ b/app/services/translate_status_service.rb
@@ -12,7 +12,9 @@ class TranslateStatusService < BaseService
     @content = status_content_format(@status)
     @target_language = target_language
 
-    Rails.cache.fetch("translations/#{@status.language}/#{@target_language}/#{content_hash}", expires_in: CACHE_TTL) { translation_backend.translate(@content, @status.language, @target_language) }
+    Rails.cache.fetch("translations/#{@status.language}/#{@target_language}/#{content_hash}", expires_in: CACHE_TTL) do
+      Sanitize.fragment(translation_backend.translate(@content, @status.language, @target_language), Sanitize::Config::MASTODON_STRICT)
+    end
   end
 
   private
author	Claire <claire.github-309c@sitedethib.com>	2023-09-19 16:53:21 +0200
committer	GitHub <noreply@github.com>	2023-09-19 16:53:21 +0200
commit	5f9511c389041570d21c383ce07dd2786df9cc2d (patch)
tree	a18cb0cd7c303a0b525e4148a04910af21bbe677
parent	38a5d92f3814b071803c046144d94643a3ecb934 (diff)