From f688c8df82b955b50552b3198ddc153a716451c2 Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Mon, 27 Jul 2020 20:36:31 -0500
Subject: [PATCH] Fix User.registration_reason HTML sanitizing issues

---
 lib/pleroma/emails/admin_email.ex                             | 3 ++-
 lib/pleroma/web/twitter_api/twitter_api.ex                    | 3 +--
 test/web/mastodon_api/controllers/account_controller_test.exs | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/pleroma/emails/admin_email.ex b/lib/pleroma/emails/admin_email.ex
index fae7faf00..c27ad1065 100644
--- a/lib/pleroma/emails/admin_email.ex
+++ b/lib/pleroma/emails/admin_email.ex
@@ -8,6 +8,7 @@ defmodule Pleroma.Emails.AdminEmail do
   import Swoosh.Email
 
   alias Pleroma.Config
+  alias Pleroma.HTML
   alias Pleroma.Web.Router.Helpers
 
   defp instance_config, do: Config.get(:instance)
@@ -86,7 +87,7 @@ defmodule Pleroma.Emails.AdminEmail do
   def new_unapproved_registration(to, account) do
     html_body = """
     <p>New account for review: <a href="#{user_url(account)}">@#{account.nickname}</a></p>
-    <blockquote>#{account.registration_reason}</blockquote>
+    <blockquote>#{HTML.strip_tags(account.registration_reason)}</blockquote>
     <a href="#{Pleroma.Web.base_url()}/pleroma/admin">Visit AdminFE</a>
     """
 
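Review bot: No test covers the stripped output of `new_unapproved_registration/2`; the only test file in this commit pins the stored value, not the rendered e-mail. A test that builds an account whose `registration_reason` contains markup and asserts the tags are absent from `html_body` would keep this fix from regressing. `user_url(account)` and `account.nickname` are interpolated into the same heredoc unencoded, which is presumably safe only because nickname validation elsewhere restricts the character set. A comment would record that assumption: `# nickname is constrained by validation; registration_reason is free text and must be stripped here`. The function body continues past the end of the hunk.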
diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex
index 424a705dd..2294d9d0d 100644
--- a/lib/pleroma/web/twitter_api/twitter_api.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api.ex
@@ -7,7 +7,6 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
 
   alias Pleroma.Emails.Mailer
   alias Pleroma.Emails.UserEmail
-  alias Pleroma.HTML
   alias Pleroma.Repo
   alias Pleroma.User
   alias Pleroma.UserInviteToken
@@ -20,7 +19,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
       |> Map.put(:nickname, params[:username])
       |> Map.put(:name, Map.get(params, :fullname, params[:username]))
       |> Map.put(:password_confirmation, params[:password])
-      |> Map.put(:registration_reason, HTML.strip_tags(params[:reason]))
+      |> Map.put(:registration_reason, params[:reason])
 
     if Pleroma.Config.get([:instance, :registrations_open]) do
       create_user(params, opts)
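Review bot: With `HTML.strip_tags` dropped from the `:registration_reason` line, the value is persisted exactly as submitted, so every place that renders it must now strip or encode it. Only the admin e-mail is updated in this commit. Other consumers of the field, such as admin API responses or an admin UI, are not visible in this diff and should be checked for output encoding before this lands. A comment on the changed line would record the contract: `# stored raw on purpose; strip or escape at every render site`. The enclosing function starts before the hunk and continues after it.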
diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs
index 1ba5bc964..e6b283aab 100644
--- a/test/web/mastodon_api/controllers/account_controller_test.exs
+++ b/test/web/mastodon_api/controllers/account_controller_test.exs
@@ -1017,7 +1017,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
           password: "PlzDontHackLain",
           bio: "Test Bio",
           agreement: true,
-          reason: "I am a cool dude, bro"
+          reason: "I'm a cool dude, bro"
         })
 
       %{
@@ -1035,7 +1035,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       assert token_from_db.user.confirmation_pending
       assert token_from_db.user.approval_pending
 
-      assert token_from_db.user.registration_reason == "I am a cool dude, bro"
+      assert token_from_db.user.registration_reason == "I'm a cool dude, bro"
     end
 
     test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do