From 8e6aa8c85c22d1026749030496729c83cd92feb7 Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Mon, 29 Mar 2021 19:26:49 +0200
Subject: [PATCH] Decode HTML entities when sanitized

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 lib/service/formatter/html.ex        | 2 +-
 mix.exs                              | 1 +
 test/service/metadata/utils_test.exs | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/service/formatter/html.ex b/lib/service/formatter/html.ex
index ef4cdd6a4..2e8bd5ee5 100644
--- a/lib/service/formatter/html.ex
+++ b/lib/service/formatter/html.ex
@@ -17,7 +17,7 @@ defmodule Mobilizon.Service.Formatter.HTML do
   def strip_tags(html) do
     case FastSanitize.strip_tags(html) do
       {:ok, html} ->
-        html
+        HtmlEntities.decode(html)
 
       _ ->
         raise "Failed to filter tags"
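Review bot: Decoding after `FastSanitize.strip_tags/1` means the value returned by `strip_tags/1` can again contain literal `<`, `>`, `&` and quotes. Input that carried entity-encoded markup such as `&lt;b&gt;` passes the sanitizer as text and comes back as `<b>`. The result is therefore plain text rather than HTML-safe output, and every caller that places it in markup or an attribute has to escape it at render time; whether they all do is not visible from this hunk. I would state that contract on the function, e.g. `# Returns decoded plain text, NOT HTML-safe: escape again before rendering into HTML.` The function body continues past the end of the hunk.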
diff --git a/mix.exs b/mix.exs
index fec5fc81b..beb5d9901 100644
--- a/mix.exs
+++ b/mix.exs
@@ -142,6 +142,7 @@ defmodule Mobilizon.Mixfile do
       {:ex_cldr_languages, "~> 0.2.1"},
       {:slugger, "~> 0.3"},
       {:sentry, "~> 8.0"},
+      {:html_entities, "~> 0.5"},
       # Dev and test dependencies
       {:phoenix_live_reload, "~> 1.2", only: [:dev, :e2e]},
       {:ex_machina, "~> 2.3", only: [:dev, :test]},
diff --git a/test/service/metadata/utils_test.exs b/test/service/metadata/utils_test.exs
index 9ba6742ae..9aa1dcc8b 100644
--- a/test/service/metadata/utils_test.exs
+++ b/test/service/metadata/utils_test.exs
@@ -17,7 +17,7 @@ defmodule Mobilizon.Service.Metadata.UtilsTest do
                "<h1>Biography</h1><p>It all started when someone wanted a <b>very long string</b> to be cut. However it's difficult to invent things to write when you've got nothing to say. Anyway, what's the deal here. We just need to reach 200 characters.",
                "fr"
              ) ==
-               "Biography It all started when someone wanted a very long string to be cut. However it&#39;s difficult to invent things to write when you&#39;ve got nothing to say. Anyway, what&#39;s the deal here. We…"
+               "Biography It all started when someone wanted a very long string to be cut. However it's difficult to invent things to write when you've got nothing to say. Anyway, what's the deal here. We just need to…"
     end
 
     test "process_description/3 returns default if no description is provided" do
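Review bot: The updated expectation only exercises apostrophes (`&#39;` becoming `'`), so nothing pins what is returned when the description contains entity-encoded markup. A further case whose input holds `&lt;b&gt;bold&lt;/b&gt;`, asserting the exact returned string, would document whether callers get decoded angle brackets back. It would also catch a later change that renders this value unescaped. The test this assertion belongs to starts above the hunk.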