From 5f9511c389041570d21c383ce07dd2786df9cc2d Mon Sep 17 00:00:00 2001 From: Claire Date: Tue, 19 Sep 2023 16:53:21 +0200 Subject: [PATCH] Merge pull request from GHSA-2693-xr3m-jhqr --- app/services/translate_status_service.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/services/translate_status_service.rb b/app/services/translate_status_service.rb index 539a0d9db5..b905f8158a 100644 --- a/app/services/translate_status_service.rb +++ b/app/services/translate_status_service.rb @@ -12,7 +12,9 @@ class TranslateStatusService < BaseService @content = status_content_format(@status) @target_language = target_language - Rails.cache.fetch("translations/#{@status.language}/#{@target_language}/#{content_hash}", expires_in: CACHE_TTL) { translation_backend.translate(@content, @status.language, @target_language) } + Rails.cache.fetch("translations/#{@status.language}/#{@target_language}/#{content_hash}", expires_in: CACHE_TTL) do + Sanitize.fragment(translation_backend.translate(@content, @status.language, @target_language), Sanitize::Config::MASTODON_STRICT) + end end private