From 972b109ac0468e6574e2dd446ab3fc3ec155f5a0 Mon Sep 17 00:00:00 2001
From: alemi <me@alemi.dev>
Date: Sun, 21 Jul 2024 14:29:58 +0200
Subject: [PATCH] fix: sanitize remote user properties on insertion

---
 upub/core/src/model/actor.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/upub/core/src/model/actor.rs b/upub/core/src/model/actor.rs
index 7680040..e62a339 100644
--- a/upub/core/src/model/actor.rs
+++ b/upub/core/src/model/actor.rs
@@ -26,7 +26,7 @@ impl<T: apb::Object> From<T> for Field {
 	fn from(value: T) -> Self {
 		Field {
 			name: value.name().str().unwrap_or_default(),
-			value: value.value().str().unwrap_or_default(),
+			value: mdhtml::safe_html(value.value().unwrap_or_default()),
 			field_type: "PropertyValue".to_string(), // TODO can we try parsing this instead??
 			verified_at: None, // TODO where does verified_at come from? extend apb maybe
 		}