From e224c6f02a4febea308f22c716aeb5f2e676faef Mon Sep 17 00:00:00 2001
From: Michael Barrett
Date: Wed, 31 Jul 2024 15:50:49 +0100
Subject: [PATCH] Refine sanitize config
---
 src/handlers.ts | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/handlers.ts b/src/handlers.ts
index 1b06a2e6..39681847 100644
--- a/src/handlers.ts
+++ b/src/handlers.ts
@@ -20,7 +20,9 @@ import type { PersonData } from './user';
 import { ACTOR_DEFAULT_HANDLE } from './constants';
 type StoredThing = {
- object: object | string;
+ object: string | {
+ content: string;
+ }
 }
 async function postToArticle(ctx: RequestContext, post: any) {
@@ -210,7 +212,8 @@ export async function inboxHandler(
 thing.object = await db.get([thing.object]) ?? thing.object;
 }
- if (thing?.object?.content) {
+ // Sanitize HTML content
+ if (thing?.object && typeof thing.object !== 'string') {
 thing.object.content = sanitizeHtml(thing.object.content, {
 allowedTags: ['a', 'p', 'img', 'br', 'strong', 'em', 'span'],
 allowedAttributes: {
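Review bot: The new `StoredThing` type declares `content` as a required `string`, but nothing visible checks that at runtime, and the guard in the `inboxHandler` hunk now relies on it: `typeof thing.object !== 'string'` passes for any object, including one with no `content` or with a non-string `content`. Since `thing.object` is read back from the store and presumably originates from remote inbox payloads, the type is an assertion about untrusted data rather than a guarantee. I would declare the field as `content?: unknown` and keep a runtime check in the guard, `if (thing?.object && typeof thing.object !== 'string' && typeof thing.object.content === 'string') {`, so that only real strings reach `sanitizeHtml` and objects without content are not given one. The body of `inboxHandler` continues outside the hunk, so how `thing` is typed and used afterwards is not visible here.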