Merge pull request #12542 from anansilva/12448-sanitise-html-custom-tab

Sanitize HTML in custom tab content [read only]
2026-03-06 02:51:34 +00:00 · 2024-06-21 08:35:26 +10:00
parent 1d55c05900 d2c6db0d04
commit 0dd7f264b9
2 changed files with 22 additions and 0 deletions
--- a/app/models/custom_tab.rb
+++ b/app/models/custom_tab.rb
@@ -4,4 +4,14 @@ class CustomTab < ApplicationRecord
  belongs_to :enterprise

  validates :title, presence: true, length: { maximum: 20 }
+
+  # Remove any unsupported HTML.
+  def content
+    HtmlSanitizer.sanitize(super)
+  end
+
+  # Remove any unsupported HTML.
+  def content=(html)
+    super(HtmlSanitizer.sanitize(html))
+  end
 end