Sanitize home_page_alert_html

It still allows some specific tag so we can have link and some formatting.
2026-03-18 04:39:14 +00:00 · 2023-11-13 15:39:08 +11:00
parent 84a8c6b31a
commit 031cc45992
1 changed files with 1 additions and 1 deletions
--- a/app/views/shared/_page_alert.html.haml
+++ b/app/views/shared/_page_alert.html.haml
@@ -1,6 +1,6 @@
 - if ContentConfig.home_page_alert_html.present?
  .alert-cta
-    %h6= raw ContentConfig.home_page_alert_html
+    %h6= sanitize(@comment.body, tags: %w(strong em a i span), attributes: %w(href target))

 - else
  = render "shared/register_call"