Sanitise existing HTML in Enterprise#long_description

We will add a migration to sanitise all existing descriptions, but before
we do that destructive action, it's good to test this in a read-only
fashion first.
This commit is contained in:
Maikel Linke
2024-05-14 12:25:58 +10:00
parent 7b4a85f7ef
commit 23a27c65be
2 changed files with 10 additions and 0 deletions


@@ -247,6 +247,11 @@ class Enterprise < ApplicationRecord
count(distinct: true)
end
# Remove any unsupported HTML.
def long_description
HtmlSanitizer.sanitize(super)
end
# Remove any unsupported HTML.
def long_description=(html)
super(HtmlSanitizer.sanitize(html))
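Review bot: The getter override at `def long_description` only covers reads that go through the attribute method; `self[:long_description]`, `read_attribute`, and anything built on `attributes`/`as_json` still return the stored, unsanitised HTML, so a view or API path using those is not protected by this change. The comment could say so, e.g. `# Sanitise on read too: rows written before the setter sanitised may still hold unsupported HTML. Reads via self[:long_description]/read_attribute bypass this.` If HtmlSanitizer.sanitize does not accept nil, a record with no description would raise on read here — worth confirming against its implementation. The `long_description=` method continues outside the hunk.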


@@ -403,6 +403,11 @@ RSpec.describe Enterprise do
subject.long_description = "Hello <script>alert</script> dearest <b>monster</b>."
expect(subject.long_description).to eq "Hello alert dearest <b>monster</b>."
end
it "sanitises existing HTML in long_description" do
subject[:long_description] = "Hello <script>alert</script> dearest <b>monster</b>."
expect(subject.long_description).to eq "Hello alert dearest <b>monster</b>."
end
end
describe "callbacks" do
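Review bot: The new example `it "sanitises existing HTML in long_description"` checks the sanitised read but not the read-only property the commit description promises; adding `expect(subject[:long_description]).to include "<script>"` after the existing expectation would pin that the getter leaves the stored value untouched. A nil case is also missing: `subject[:long_description] = nil` followed by `expect(subject.long_description).to be_nil` would cover existing rows with no description, which the getter override now runs on (assuming HtmlSanitizer passes nil through — confirm). The enclosing `describe` block starts outside the hunk.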