From b39478de43716e1ee49acd0b95c278dcb143fdae Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@loudthinking.com>
Date: Tue, 2 Oct 2018 16:51:46 -0700
Subject: Default sanitization

---
 app/views/action_text/content/_layout.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/views/action_text')

diff --git a/app/views/action_text/content/_layout.html.erb b/app/views/action_text/content/_layout.html.erb
index c0b86a189e..b8c8ab6fc6 100644
--- a/app/views/action_text/content/_layout.html.erb
+++ b/app/views/action_text/content/_layout.html.erb
@@ -1,3 +1,3 @@
 <div class="trix-content">
-  <%=raw document %>
+  <%= sanitize document %>
 </div>
-- 
cgit v1.2.3