From 376d545082f027789b59b100b8af572c74e9de62 Mon Sep 17 00:00:00 2001
From: Mikael Nordfeldth
Date: Sat, 5 Dec 2015 15:56:50 +0100
Subject: [PATCH] Remember to purify HTML...
---
 classes/Notice.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/classes/Notice.php b/classes/Notice.php
index 8f4d63c892..6fe2e4c76a 100644
--- classes/Notice.php
+++ b/classes/Notice.php
@@ -814,7 +814,7 @@ class Notice extends Managed_DataObject
 // Use the local user's shortening preferences, if applicable.
 $stored->rendered = $actor->isLocal()
 ? $actor->shortenLinks($act->content)
- : $act->content;
+ : common_purify($act->content);
 $stored->content = common_strip_html($stored->rendered);
 // Maybe a missing act-time should be fatal if the actor is not local?
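Review bot: The local-actor branch of the ternary still assigns `$actor->shortenLinks($act->content)` to `$stored->rendered` without passing it through `common_purify()`, so only remote content is sanitized at this point. Unless `shortenLinks()` or an earlier step outside this hunk already sanitizes the activity content (not visible here), HTML submitted through a local account is stored in `rendered` as-is, and that field is presumably emitted as markup later. Purifying the result of either branch would remove the dependency on the actor's origin: `$stored->rendered = common_purify($actor->isLocal() ? $actor->shortenLinks($act->content) : $act->content);`. The enclosing method starts and ends outside the hunk, so earlier sanitization cannot be ruled out from these lines alone.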