InfoDossier: avoid xss injection

2017-07-12 13:47:49 +02:00 · 2017-07-12 13:47:49 +02:00 · 2e03f77e4d
commit 2e03f77e4d
parent 7c3b9ecfa9
1 changed files with 1 additions and 1 deletions
--- a/app/views/dossiers/_infos_dossier.html.haml
+++ b/app/views/dossiers/_infos_dossier.html.haml
@ -52,7 +52,7 @@
                  - elsif champ.decorate.value == 'false'
                    Non
                - else
-                  = champ.decorate.value.html_safe
+                  = sanitize(champ.decorate.value)

    - if @facade.dossier.mandataire_social && gestionnaire_signed_in?
      .mandataire_social.text-success.center