From 031cc45992002bfd8de1098b1b38a918342312fb Mon Sep 17 00:00:00 2001
From: Gaetan Craig-Riou
Date: Mon, 13 Nov 2023 15:39:08 +1100
Subject: [PATCH] Sanitize home_page_alert_html

It still allows some specific tag so we can have link and some formatting.
---
 app/views/shared/_page_alert.html.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/shared/_page_alert.html.haml b/app/views/shared/_page_alert.html.haml
index d57ef18d99..2a97684da4 100644
--- a/app/views/shared/_page_alert.html.haml
+++ b/app/views/shared/_page_alert.html.haml
@@ -1,6 +1,6 @@ - if ContentConfig.home_page_alert_html.present? .alert-cta - %h6= raw ContentConfig.home_page_alert_html + %h6= sanitize(@comment.body, tags: %w(strong em a i span), attributes: %w(href target)) - else = render "shared/register_call"
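Review bot: The added `%h6=` line sanitizes `@comment.body` rather than `ContentConfig.home_page_alert_html`, so the alert that the `- if` guard checks for is never the value that gets rendered. Nothing visible in this partial sets `@comment`, so the call most likely raises on `nil.body` or prints unrelated content; it reads like the example from the Rails `sanitize` documentation left unedited. The line should be `%h6= sanitize(ContentConfig.home_page_alert_html, tags: %w(strong em a i span), attributes: %w(href target))`. Separately, the allow-list keeps `target` but strips `rel`, so a link with `target="_blank"` cannot carry `rel="noopener"`; consider dropping `target` or also allowing `rel` if older browsers are in scope.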