bastodon/app/serializers/rest/preview_card_serializer.rb
Claire 102ed6e8ca
Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00


# frozen_string_literal: true
class REST::PreviewCardSerializer < ActiveModel::Serializer
  include RoutingHelper

  # Fields exposed in the API representation of a preview card. `image`
  # and `html` are computed by the methods below; the remaining attributes
  # are read straight off the underlying model object.
  attributes :url, :title, :description, :type,
             :author_name, :author_url, :provider_name,
             :provider_url, :html, :width, :height,
             :image, :embed_url, :blurhash

  # Absolute URL of the card's original-size image, or nil when the card
  # has no image attached.
  def image
    return unless object.image?

    full_asset_url(object.image.url(:original))
  end

  # oEmbed HTML for the card, passed through Sanitize with the project's
  # MASTODON_OEMBED configuration (defined elsewhere) on every render.
  # Filtering at serialization time, rather than trusting the value stored
  # on the model, means cards fetched before the allow-list was tightened
  # are covered as well; any other field that surfaces provider-supplied
  # HTML should go through the same config rather than bypass this method.
  # NOTE(review): Sanitize.fragment is expected to yield "" rather than nil
  # when object.html is nil — confirm against the Sanitize version in use.
  def html
    raw_html = object.html
    Sanitize.fragment(raw_html, Sanitize::Config::MASTODON_OEMBED)
  end
end