diff --git a/lib/pleroma/web/admin_api/views/report_view.ex b/lib/pleroma/web/admin_api/views/report_view.ex
index 47a73dc7e..e7db3a8ff 100644
--- a/lib/pleroma/web/admin_api/views/report_view.ex
+++ b/lib/pleroma/web/admin_api/views/report_view.ex
@@ -5,6 +5,7 @@
defmodule Pleroma.Web.AdminAPI.ReportView do
use Pleroma.Web, :view
alias Pleroma.Activity
+ alias Pleroma.HTML
alias Pleroma.User
alias Pleroma.Web.CommonAPI.Utils
alias Pleroma.Web.MastodonAPI.AccountView
@@ -23,6 +24,13 @@ defmodule Pleroma.Web.AdminAPI.ReportView do
[account_ap_id | status_ap_ids] = report.data["object"]
account = User.get_cached_by_ap_id(account_ap_id)
+ content =
+ unless is_nil(report.data["content"]) do
+ HTML.filter_tags(report.data["content"])
+ else
+ nil
+ end
+
statuses =
Enum.map(status_ap_ids, fn ap_id ->
Activity.get_by_ap_id_with_object(ap_id)
@@ -32,7 +40,7 @@ defmodule Pleroma.Web.AdminAPI.ReportView do
id: report.id,
account: AccountView.render("account.json", %{user: account}),
actor: AccountView.render("account.json", %{user: user}),
- content: report.data["content"],
+ content: content,
created_at: created_at,
statuses: StatusView.render("index.json", %{activities: statuses, as: :activity}),
state: report.data["state"]
diff --git a/test/web/admin_api/views/report_view_test.exs b/test/web/admin_api/views/report_view_test.exs
new file mode 100644
index 000000000..f35f36cac
--- /dev/null
+++ b/test/web/admin_api/views/report_view_test.exs
@@ -0,0 +1,98 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.AdminAPI.ReportViewTest do
+ use Pleroma.DataCase
+ import Pleroma.Factory
+ alias Pleroma.Web.AdminAPI.ReportView
+ alias Pleroma.Web.CommonAPI
+ alias Pleroma.Web.MastodonAPI.AccountView
+ alias Pleroma.Web.MastodonAPI.StatusView
+
+ test "renders a report" do
+ user = insert(:user)
+ other_user = insert(:user)
+
+ {:ok, activity} = CommonAPI.report(user, %{"account_id" => other_user.id})
+
+ expected = %{
+ content: nil,
+ actor: AccountView.render("account.json", %{user: user}),
+ account: AccountView.render("account.json", %{user: other_user}),
+ statuses: [],
+ state: "open",
+ id: activity.id
+ }
+
+ result =
+ ReportView.render("show.json", %{report: activity})
+ |> Map.delete(:created_at)
+
+ assert result == expected
+ end
+
+ test "includes reported statuses" do
+ user = insert(:user)
+ other_user = insert(:user)
+ {:ok, activity} = CommonAPI.post(other_user, %{"status" => "toot"})
+
+ {:ok, report_activity} =
+ CommonAPI.report(user, %{"account_id" => other_user.id, "status_ids" => [activity.id]})
+
+ expected = %{
+ content: nil,
+ actor: AccountView.render("account.json", %{user: user}),
+ account: AccountView.render("account.json", %{user: other_user}),
+ statuses: [StatusView.render("status.json", %{activity: activity})],
+ state: "open",
+ id: report_activity.id
+ }
+
+ result =
+ ReportView.render("show.json", %{report: report_activity})
+ |> Map.delete(:created_at)
+
+ assert result == expected
+ end
+
+ test "renders report's state" do
+ user = insert(:user)
+ other_user = insert(:user)
+
+ {:ok, activity} = CommonAPI.report(user, %{"account_id" => other_user.id})
+ {:ok, activity} = CommonAPI.update_report_state(activity.id, "closed")
+ assert %{state: "closed"} = ReportView.render("show.json", %{report: activity})
+ end
+
+ test "renders report description" do
+ user = insert(:user)
+ other_user = insert(:user)
+
+ {:ok, activity} =
+ CommonAPI.report(user, %{
+ "account_id" => other_user.id,
+ "comment" => "posts are too good for this instance"
+ })
+
+ assert %{content: "posts are too good for this instance"} =
+ ReportView.render("show.json", %{report: activity})
+ end
+
+ test "sanitizes report description" do
+ user = insert(:user)
+ other_user = insert(:user)
+
+ {:ok, activity} =
+ CommonAPI.report(user, %{
+ "account_id" => other_user.id,
+ "comment" => ""
+ })
+
+ data = Map.put(activity.data, "content", "")
+ activity = Map.put(activity, :data, data)
+
+ refute "" ==
+ ReportView.render("show.json", %{report: activity})[:content]
+ end
+end