From 4c27e79519166479da1bcff920581b77978710fb Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Bellet
Date: Thu, 29 Jun 2023 09:20:48 +0200
Subject: [PATCH] Sanitize content when display it on shop

Use the TrixSanitizer | TrixScrubber
---
 app/serializers/api/product_serializer.rb | 6 +++++-
 app/services/trix_sanitizer.rb | 11 +++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 app/services/trix_sanitizer.rb

diff --git a/app/serializers/api/product_serializer.rb b/app/serializers/api/product_serializer.rb
index cf37d7464a..11f228c1e6 100644
--- a/app/serializers/api/product_serializer.rb
+++ b/app/serializers/api/product_serializer.rb
@@ -21,7 +21,7 @@ class Api::ProductSerializer < ActiveModel::Serializer
   # return a sanitized html description
   def description_html
-    sanitizer.sanitize_content(object.description)&.html_safe
+    trix_sanitizer.sanitize_content(object.description)
   end
   def properties_with_values
@@ -37,4 +37,8 @@ class Api::ProductSerializer < ActiveModel::Serializer
   def sanitizer
     @sanitizer ||= ContentSanitizer.new
   end
+
+  def trix_sanitizer
+    @trix_sanitizer ||= TrixSanitizer.new
+  end
 end
diff --git a/app/services/trix_sanitizer.rb b/app/services/trix_sanitizer.rb
new file mode 100644
index 0000000000..5b4d83b4e6
--- /dev/null
+++ b/app/services/trix_sanitizer.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class TrixSanitizer
+  include ActionView::Helpers::SanitizeHelper
+
+  def sanitize_content(content)
+    return if content.blank?
+
+    sanitize(content.to_s, scrubber: TrixScrubber.new)
+  end
+end
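Review bot: The comment above `description_html` still reads `# return a sanitized html description`, which no longer tells a reader which rules apply now that the `ContentSanitizer` path is replaced; I would change it to `# Description as html_safe markup: passed through TrixSanitizer, so only what TrixScrubber allows survives`. Dropping `&.html_safe` is consistent with `sanitize_content` now delegating to the SanitizeHelper `sanitize`, which already returns an html_safe string, so the serializer output is unchanged in kind. In the second hunk the old `sanitizer` memo and its `ContentSanitizer` are kept alongside the new `trix_sanitizer`; within the visible hunks nothing references `sanitizer` any more, so if no other method in this serializer uses it, keeping two sanitizers with potentially divergent allowlists invites the wrong one being picked later. The class body continues outside both hunks.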
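Review bot: `sanitize_content` has no documentation, and the one fact a maintainer needs is not stated anywhere: because `scrubber:` is passed, the SanitizeHelper/Rails::Html sanitizer ignores its default tag and attribute allowlists and the output is marked html_safe, so `TrixScrubber` alone decides which markup reaches the shop page. I would add a method comment along the lines of `# Returns nil for blank input, otherwise an html_safe String; every tag/attribute decision is delegated to TrixScrubber, so changes there change what the shop renders unescaped`. `TrixScrubber` is not among the two files in this patch, so it must already exist in the tree; worth confirming it is the scrubber intended for shop-facing output rather than an editor-side one. Minor: the `return if content.blank?` guard means the serializer emits null rather than an empty string for a blank description, which matches the prior `&.html_safe` behaviour but deserves a word in the comment.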