Merge pull request from GHSA-2693-xr3m-jhqr

author: Claire <claire.github-309c@sitedethib.com> 2023-09-19 16:53:21 +0200
committer: GitHub <noreply@github.com> 2023-09-19 16:53:21 +0200
commit: 9fa89dbdcb26bd0e72c575f54290a6a57d6bdd77 (patch)
tree: 576ec08f6aee16cbf8b0445f8ca893e1b9b0a0a9
parent: 75400abe0be825357d562a9b7ea848a1b99b2aba (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/app/services/translate_status_service.rb b/app/services/translate_status_service.rb
index 539a0d9db5f..b905f8158ad 100644
--- a/app/services/translate_status_service.rb
+++ b/app/services/translate_status_service.rb
@@ -12,7 +12,9 @@ class TranslateStatusService < BaseService
     @content = status_content_format(@status)
     @target_language = target_language
 
-    Rails.cache.fetch("translations/#{@status.language}/#{@target_language}/#{content_hash}", expires_in: CACHE_TTL) { translation_backend.translate(@content, @status.language, @target_language) }
+    Rails.cache.fetch("translations/#{@status.language}/#{@target_language}/#{content_hash}", expires_in: CACHE_TTL) do
+      Sanitize.fragment(translation_backend.translate(@content, @status.language, @target_language), Sanitize::Config::MASTODON_STRICT)
+    end
   end
 
   private
author	Claire <claire.github-309c@sitedethib.com>	2023-09-19 16:53:21 +0200
committer	GitHub <noreply@github.com>	2023-09-19 16:53:21 +0200
commit	9fa89dbdcb26bd0e72c575f54290a6a57d6bdd77 (patch)
tree	576ec08f6aee16cbf8b0445f8ca893e1b9b0a0a9
parent	75400abe0be825357d562a9b7ea848a1b99b2aba (diff)