diff options
Diffstat (limited to 'app/helpers')
| -rw-r--r-- | app/helpers/action_text/content_helper.rb | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/app/helpers/action_text/content_helper.rb b/app/helpers/action_text/content_helper.rb index 6d00eee648..d6ced93502 100644 --- a/app/helpers/action_text/content_helper.rb +++ b/app/helpers/action_text/content_helper.rb @@ -18,7 +18,11 @@ module ActionText end.chomp end - content.to_html + sanitize content.to_html, tags: ActionText::ALLOWED_TAGS, attributes: ActionText::ALLOWED_ATTRIBUTES end end + + SANITIZER = Rails::Html::Sanitizer.white_list_sanitizer + ALLOWED_TAGS = SANITIZER.allowed_tags + [ ActionText::Attachment::TAG_NAME, "figure", "figcaption" ] + ALLOWED_ATTRIBUTES = SANITIZER.allowed_attributes + ActionText::Attachment::ATTRIBUTES end |