Security fixes

slices/admin/decorators/posts/decorator.rb

@@ -82,9 +82,9 @@ module Admin
         def display_title
           title = name
           if prefix_emoji
-            return "#{prefix_emoji} #{title}"
+            "#{prefix_emoji} #{title}"
           else
-            return title
+            title
           end
         end
 
@@ -150,7 +150,7 @@ module Admin
         end
 
         def to_h
-          clean_content = CGI.unescapeHTML(content.gsub(/<\/?[^>]*>/, "")).strip
+          clean_content = Sanitize.fragment(content).strip
           clean_content = clean_content.gsub(prefix_emoji[0], "") if prefix_emoji
           {
             id: slug,

slices/main/decorators/posts/decorator.rb

@@ -86,9 +86,9 @@ module Main
         def display_title
           title = name
           if prefix_emoji
-            return "#{prefix_emoji} #{title}"
+            "#{prefix_emoji} #{title}"
           else
-            return title
+            title
           end
         end
 
@@ -154,7 +154,7 @@ module Main
         end
 
         def to_h
-          clean_content = CGI.unescapeHTML(content.gsub(/<\/?[^>]*>/, "")).strip
+          clean_content = Sanitize.fragment(content).strip
           clean_content = clean_content.gsub(prefix_emoji[0], "") if prefix_emoji
           {
             id: slug,

slices/micropub/queries/posts/syndication_url_to_source.rb

@@ -3,16 +3,16 @@ module Micropub
     module Posts
       class SyndicationUrlToSource
         def call(url:)
-          if url.match("https://social.dnitza.com")
+          if url.match?(/https:\/\/((social)\.)dnitza.com/)
             return :mastodon
           end
 
-          if url.match("https://bsky.social")
+          if url.match?("https://bsky.social")
             return :bluesky
           end
 
-          if url.match("https://gist.github.com")
+          if url.match?(/https:\/\/((gist)\.)?github\.com/)
-            return :gist
+            :gist
           end
         end
       end