Le markdown est fait avant un sanitize, offrant plus de sécurité vis a vis des attaques xss
This commit is contained in:
parent
54319565d6
commit
026aa24e8f
@ -1,3 +1,7 @@
|
||||
%h2
|
||||
%em= @event.city + ':'
|
||||
= @event.title
|
||||
|
||||
- if @event.persisted? && request.format == 'text/html' && controller.controller_name != 'moderations' && controller.controller_name != 'notes' && controller.action_name != 'edit' && controller.action_name != 'cancel'
|
||||
#lug-list
|
||||
%h1=t '.lug-list'
|
||||
@ -21,10 +25,6 @@
|
||||
%em.fa.fa-thumbs-down
|
||||
=t '.cancel'
|
||||
|
||||
%h2
|
||||
%em= @event.city + ':'
|
||||
= @event.title
|
||||
|
||||
%h3=t '.dateAndPlace'
|
||||
%p
|
||||
- if @event.same_day?
|
||||
@ -43,10 +43,10 @@
|
||||
|
||||
%h3=t '.description'
|
||||
.description
|
||||
:markdown
|
||||
#{sanitize @event.description,
|
||||
- markdown = Redcarpet::Markdown.new(Redcarpet::Render::HTML, autolink: true, tables: true)
|
||||
= sanitize markdown.render(@event.description),
|
||||
tags: %w(p br table tr td ul ol li a strong b em i img),
|
||||
attributes: %w(href src width height)}
|
||||
attributes: %w(href src width height)
|
||||
|
||||
%h3=t '.infos'
|
||||
%p
|
||||
|
Loading…
Reference in New Issue
Block a user