From 14d587a7cf90009d3780838072c1042eea927b57 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 17 Jul 2022 10:38:07 +0100
Subject: [PATCH] Check summary for dangerous html

---
 inbox.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/inbox.py b/inbox.py
index 091c6bbd4..998ee2870 100644
--- a/inbox.py
+++ b/inbox.py
@@ -2644,6 +2644,12 @@ def _valid_post_content(base_dir: str, nickname: str, domain: str,
 if summary != valid_content_warning(summary):
 print('WARN: invalid content warning ' + summary)
 return False
+ if dangerous_markup(summary, allow_local_network_access):
+ if message_json['object'].get('id'):
+ print('REJECT ARBITRARY HTML: ' + message_json['object']['id'])
+ print('REJECT ARBITRARY HTML: bad string in summary - ' +
+ summary)
+ return False
 # check for patches before dangeousMarkup, which excludes code
 if is_git_patch(base_dir, nickname, domain,