Default sanitization

author: David Heinemeier Hansson <david@loudthinking.com> 2018-10-02 16:51:46 -0700
committer: David Heinemeier Hansson <david@loudthinking.com> 2018-10-02 16:51:58 -0700
commit: b39478de43716e1ee49acd0b95c278dcb143fdae (patch)
tree: 3fa5640940b46c25aec27a3df243727a4234ed1a /app
parent: 9fb3dd7551a2bdb8acedf3ceb056071070b6fd66 (diff)
download: rails-b39478de43716e1ee49acd0b95c278dcb143fdae.tar.gz
rails-b39478de43716e1ee49acd0b95c278dcb143fdae.tar.bz2
rails-b39478de43716e1ee49acd0b95c278dcb143fdae.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/action_text/content/_layout.html.erb b/app/views/action_text/content/_layout.html.erb
index c0b86a189e..b8c8ab6fc6 100644
--- a/app/views/action_text/content/_layout.html.erb
+++ b/app/views/action_text/content/_layout.html.erb
@@ -1,3 +1,3 @@
 <div class="trix-content">
-  <%=raw document %>
+  <%= sanitize document %>
 </div>
author	David Heinemeier Hansson <david@loudthinking.com>	2018-10-02 16:51:46 -0700
committer	David Heinemeier Hansson <david@loudthinking.com>	2018-10-02 16:51:58 -0700
commit	b39478de43716e1ee49acd0b95c278dcb143fdae (patch)
tree	3fa5640940b46c25aec27a3df243727a4234ed1a /app
parent	9fb3dd7551a2bdb8acedf3ceb056071070b6fd66 (diff)
download	rails-b39478de43716e1ee49acd0b95c278dcb143fdae.tar.gz rails-b39478de43716e1ee49acd0b95c278dcb143fdae.tar.bz2 rails-b39478de43716e1ee49acd0b95c278dcb143fdae.zip