Merge pull request #12506 from anansilva/12448-sanitise-html-enterprise-group

Sanitise HTML in long description of enterprise group [read-only]
This commit is contained in:
Filipe
2024-05-30 14:07:20 +02:00
committed by GitHub
2 changed files with 22 additions and 0 deletions


@@ -74,6 +74,16 @@ class EnterpriseGroup < ApplicationRecord
permalink
end
# Remove any unsupported HTML.
def long_description
HtmlSanitizer.sanitize(super)
end
# Remove any unsupported HTML.
def long_description=(html)
super(HtmlSanitizer.sanitize(html))
end
private
def sanitize_permalink
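Review bot: Only the `long_description` accessor pair is wrapped, so the unsanitised markup is still what gets written through paths that skip the writer (`update_column(s)`, `write_attribute`, seeds) and still readable through paths that skip the reader (`read_attribute`, `attributes`, `as_json`/serializers, `long_description_before_type_cast`); the second test in this PR, which sets `subject[:long_description]`, shows that raw rows are expected to exist. Since the stored value is not cleaned, it is worth pairing this with a one-off data migration that re-saves existing rows through the setter, and documenting the limit on the reader, e.g. `# Only this accessor is sanitised; read_attribute/attributes/as_json return the raw column.` The reader override at `HtmlSanitizer.sanitize(super)` also passes `nil` straight into the sanitiser for a blank description; if `HtmlSanitizer.sanitize` does not tolerate `nil` (not visible here), a guard such as `value = super; value.nil? ? value : HtmlSanitizer.sanitize(value)` and a spec for the nil case would avoid a 500 on records with no description. The enclosing `EnterpriseGroup` class starts and ends outside this hunk.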


@@ -118,4 +118,16 @@ RSpec.describe EnterpriseGroup do
end
end
end
describe "serialisation" do
it "sanitises HTML in long_description" do
subject.long_description = "Hello <script>alert</script> dearest <b>monster</b>."
expect(subject.long_description).to eq "Hello alert dearest <b>monster</b>."
end
it "sanitises existing HTML in long_description" do
subject[:long_description] = "Hello <script>alert</script> dearest <b>monster</b>."
expect(subject.long_description).to eq "Hello alert dearest <b>monster</b>."
end
end
end
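Review bot: Both new examples only exercise a bare `<script>` element, which says nothing about the attribute-based payloads a sanitiser has to handle too (`onclick`/`onerror` handlers, `javascript:` and `data:` hrefs, `<iframe>`, `<svg onload>`), and those are the cases that tend to regress when the allow-list is widened later. One additional example covering an event handler and a `javascript:` URL would pin the policy rather than just one tag. The block is also named `"serialisation"` while everything in it is about sanitisation; `describe "sanitisation"` would match the examples. The surrounding `RSpec.describe EnterpriseGroup` block starts outside this hunk.
```ruby
it "strips event handlers and javascript: URLs in long_description" do
  subject.long_description = '<a href="javascript:alert(1)" onclick="alert(1)">link</a>'
  expect(subject.long_description).not_to include("javascript:", "onclick")
end
```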