Sanitize product description using rails default sanitizer

Ana Nunes da Silva
2024-05-24 12:50:57 +01:00
parent d5dac4d890
commit a7dc243db9
2 changed files with 22 additions and 0 deletions


@@ -304,6 +304,16 @@ module Spree
)
end
# Remove any unsupported HTML.
def description
Rails::HTML::SafeListSanitizer.new.sanitize(super)
end
# # Remove any unsupported HTML.
def description=(html)
super(Rails::HTML::SafeListSanitizer.new.sanitize(html))
end
private
def update_units
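Review bot: The comment above the setter has a doubled marker, `# # Remove any unsupported HTML.`; it should read `# Remove any unsupported HTML.` like the one above the getter. A `Rails::HTML::SafeListSanitizer` is also instantiated on every read and write; since no per-call options are passed, a single memoized instance (as ActionView's sanitize helper does) would avoid the allocation, though confirm the sanitizer keeps no per-call state in the gem version this project pins before sharing one. Worth documenting on the getter that the sanitizer returns a plain String rather than an html_safe buffer, so views still escape the surviving `<b>` unless they opt in explicitly — keeping that decision in the view is the right boundary. The enclosing class and `update_units` continue outside the hunk.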


@@ -748,6 +748,18 @@ module Spree
expect(e.variants.reload).to be_empty
end
end
describe "serialisation" do
it "sanitises HTML in description" do
subject.description = "Hello <script>alert</script> dearest <b>monster</b>."
expect(subject.description).to eq "Hello alert dearest <b>monster</b>."
end
it "sanitises existing HTML in description" do
subject[:description] = "Hello <script>alert</script> dearest <b>monster</b>."
expect(subject.description).to eq "Hello alert dearest <b>monster</b>."
end
end
end
RSpec.describe "product import" do
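Review bot: The new examples cover only a non-empty string; the getter also runs the sanitizer over whatever is stored, so a case for a nil description would pin that `sanitize(nil)` returns nil rather than "" (it does in current rails-html-sanitizer, but this is the kind of behaviour a gem upgrade can change), e.g. `it "leaves a nil description untouched" do subject.description = nil; expect(subject.description).to be_nil end`. The group name `describe "serialisation"` does not match what the examples check; `describe "description sanitisation"` would read better. The enclosing describe starts outside the hunk.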