Sanitize read and write long description in enterprise group

This commit is contained in:
Ana Nunes da Silva
2024-05-22 22:40:24 +01:00
parent b4d4faafc0
commit 73218fab05
2 changed files with 22 additions and 0 deletions


@@ -74,6 +74,16 @@ class EnterpriseGroup < ApplicationRecord
permalink
end
# Remove any unsupported HTML.
def long_description
HtmlSanitizer.sanitize(super)
end
# Remove any unsupported HTML.
def long_description=(html)
super(HtmlSanitizer.sanitize(html))
end
private
def sanitize_permalink
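Review bot: The overridden reader on `def long_description` only protects callers that go through the method; any code that reads the column via `read_attribute`, `self[:long_description]`, `attributes`, or `attributes_before_type_cast` (serializers and `as_json` tend to do this) still gets the raw stored value, so the read-side sanitisation is best-effort rather than a guarantee. Worth stating that in the comment, e.g. `# Remove any unsupported HTML. Note: only applies to reads through this accessor, not read_attribute/attributes.`, and ideally checking that whatever renders the field in views or the API calls the accessor. Whether `HtmlSanitizer.sanitize(super)` copes with a `nil` column is not visible here; if the column is nullable, a `return super if super.nil?`-style guard or a nil check inside HtmlSanitizer is needed, so confirm which holds. The enclosing class continues outside the hunk, and the setter override on `def long_description=` has the same scope caveat for writes made with `write_attribute`/`update_column`, which the reader is presumably meant to cover.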


@@ -118,4 +118,16 @@ RSpec.describe EnterpriseGroup do
end
end
end
describe "serialisation" do
it "sanitises HTML in long_description" do
subject.long_description = "Hello <script>alert</script> dearest <b>monster</b>."
expect(subject.long_description).to eq "Hello alert dearest <b>monster</b>."
end
it "sanitises existing HTML in long_description" do
subject[:long_description] = "Hello <script>alert</script> dearest <b>monster</b>."
expect(subject.long_description).to eq "Hello alert dearest <b>monster</b>."
end
end
end
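Review bot: Neither example exercises the `nil` path or a persisted round-trip, so a regression where `HtmlSanitizer.sanitize` raises on `nil`, or where the sanitised value is only applied in memory and not what gets stored, would pass this spec; adding `subject.long_description = nil` with an expectation on the result, and a `subject.save!; subject.reload` check that the stored value is already clean, would close both gaps. The expectations also pin a sanitizer detail, that the `<script>` tag is dropped but its inner text `alert` survives, which is correct for the current sanitizer but will break the spec if that library ever changes to removing script content entirely; a short comment such as `# HtmlSanitizer strips the tag but keeps its text content` next to the first `expect` would make that intent explicit. The `describe "serialisation"` label reads as a misnomer for tests about sanitisation; `describe "sanitisation"` matches what they check. The enclosing `RSpec.describe EnterpriseGroup` block starts outside the hunk.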