fix: sanitize remote user properties on insertion

2024-07-21 14:29:58 +02:00 · 2024-07-21 14:29:58 +02:00 · 972b109ac0
commit 972b109ac0
parent 1ad2ac05fa
1 changed files with 1 additions and 1 deletions
--- a/upub/core/src/model/actor.rs
+++ b/upub/core/src/model/actor.rs
@ -26,7 +26,7 @@ impl<T: apb::Object> From<T> for Field {
 	fn from(value: T) -> Self {
 		Field {
 			name: value.name().str().unwrap_or_default(),
-			value: value.value().str().unwrap_or_default(),
+			value: mdhtml::safe_html(value.value().unwrap_or_default()),
 			field_type: "PropertyValue".to_string(), // TODO can we try parsing this instead??
 			verified_at: None, // TODO where does verified_at come from? extend apb maybe
 		}