From 79320331c0b1d47e6948a8119de66a40dc28df18 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Bellet <jb.bellet@gmail.com>
Date: Thu, 26 Jan 2023 17:44:51 +0100
Subject: [PATCH] As we trust `description_html` (previously sanitized), direct
 use HTML

via the AngularsJS `bind-html` attribute.

This will display formatting and images.
---
 app/views/shop/products/_summary.html.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/shop/products/_summary.html.haml b/app/views/shop/products/_summary.html.haml
index c87d26ff46..c99eabaa4e 100644
--- a/app/views/shop/products/_summary.html.haml
+++ b/app/views/shop/products/_summary.html.haml
@@ -9,7 +9,7 @@
     %h3
       %a{"ng-click" => "triggerProductModal()", href: 'javascript:void(0)'}
         %span{"ng-bind" => "::product.name"}
-    %p.product-description{ng: {bind: "::product.description", click: "triggerProductModal()", show: "product.description.length"}}
+    %p.product-description{ng: {"bind-html": "::product.description_html", click: "triggerProductModal()", show: "product.description_html.length"}}
     .product-producer
       = t :products_from
       %span