From 127f86e8ae2a20eb8ff2c6e2e82cb416b6a1e9cf Mon Sep 17 00:00:00 2001
From: Eric Leroy-Terquem <eric.leroyterquem@beta.gouv.fr>
Date: Thu, 23 Feb 2023 10:07:09 +0100
Subject: [PATCH] feat(flash messages): add a helper method to keep link when
 sanitizing

---
 app/helpers/sanitize_with_link_helper.rb    | 6 ++++++
 app/views/layouts/_flash_messages.html.haml | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 app/helpers/sanitize_with_link_helper.rb

diff --git a/app/helpers/sanitize_with_link_helper.rb b/app/helpers/sanitize_with_link_helper.rb
new file mode 100644
index 000000000..64e5436b0
--- /dev/null
+++ b/app/helpers/sanitize_with_link_helper.rb
@@ -0,0 +1,6 @@
+module SanitizeWithLinkHelper
+  def sanitize_with_link(value)
+    tags = Rails.configuration.action_view.sanitized_allowed_tags + ['a']
+    sanitize(value, tags:)
+  end
+end
diff --git a/app/views/layouts/_flash_messages.html.haml b/app/views/layouts/_flash_messages.html.haml
index 7eb9812f7..74e29b68c 100644
--- a/app/views/layouts/_flash_messages.html.haml
+++ b/app/views/layouts/_flash_messages.html.haml
@@ -7,8 +7,8 @@
         - if value.class == Array
           .alert{ class: flash_class(key, sticky: sticky, fixed: fixed), role: flash_role(key) }
             - value.each do |message|
-              = sanitize(message)
+              = sanitize_with_link(message)
               %br
         - else
           .alert{ class: flash_class(key, sticky: sticky, fixed: fixed), role: flash_role(key) }
-            = sanitize(value)
+            = sanitize_with_link(value)