Unverified Commit a64973ae authored by Eugen Rochko's avatar Eugen Rochko Committed by GitHub

Fix malformed HTML causing uncaught error (#13042)

Fix OEmbed preview API leaking existence of private statuses (see #12930)
parent 02236332
+11 −5
@@ -7,15 +7,21 @@ class Api::Web::EmbedsController < Api::Web::BaseController

  def create
    status = StatusFinder.new(params[:url]).status

    return not_found if status.hidden?

    render json: status, serializer: OEmbedSerializer, width: 400
  rescue ActiveRecord::RecordNotFound
    oembed = FetchOEmbedService.new.call(params[:url])
    oembed[:html] = Formatter.instance.sanitize(oembed[:html], Sanitize::Config::MASTODON_OEMBED) if oembed[:html].present?

    if oembed
      render json: oembed
    else
      render json: {}, status: :not_found
    return not_found if oembed.nil?

    begin
      oembed[:html] = Formatter.instance.sanitize(oembed[:html], Sanitize::Config::MASTODON_OEMBED)
    rescue ArgumentError
      return not_found
    end

    render json: oembed
  end
end
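Review bot: The `.present?` guard on the removed sanitize line is not carried into the new `begin` block, so `Formatter.instance.sanitize` is now called with `oembed[:html]` even when the provider's response has no html field (nil or empty). Whether the sanitizer tolerates nil is not visible in this hunk; if it raises, such a response would fall into the new `rescue ArgumentError` and answer 404 where the old code rendered the oembed as-is. Keeping the guard is a one-line change inside the block: `oembed[:html] = Formatter.instance.sanitize(oembed[:html], Sanitize::Config::MASTODON_OEMBED) if oembed[:html].present?`. The added `return not_found if status.hidden?` deliberately produces the same response as the RecordNotFound path, which is what closes the existence leak; a short comment there, `# Same 404 as an unknown URL so private statuses cannot be probed`, would record that intent for the next maintainer.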
+2 −0
@@ -46,6 +46,8 @@ class Formatter

  def reformat(html)
    sanitize(html, Sanitize::Config::MASTODON_STRICT)
  rescue ArgumentError
    ''
  end

  def plaintext(status)
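Review bot: The new `rescue ArgumentError` in `reformat` turns any unparseable input into an empty string with no explanation of why, and a reader cannot tell from this hunk whether `ArgumentError` is the parser's error for malformed HTML or a wider net; a comment above the rescue, `# The HTML parser raises ArgumentError on input it cannot parse; fail closed with empty content`, would state the intent (the parser claim should be confirmed against `sanitize`, which is outside this hunk). Because the rescue is method-level it also swallows an ArgumentError from a bad call to `sanitize` itself, so a misconfigured sanitizer would show up as silently blank output rather than an error. The enclosing `class Formatter` continues outside this hunk.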