Commentaires: avoid xss injection

Simon Lehericey 2017-07-12 13:53:25 +02:00
parent 2e03f77e4d
commit 35affd69fc


@ -2,7 +2,7 @@
.comment-header
= commentaire.header
.content
= commentaire.body.html_safe
= sanitize(commentaire.body)
- if file = commentaire.piece_justificative
.file
= link_to file.content_url, class: 'link', target: '_blank' do
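Review bot: at `= sanitize(commentaire.body)` the call relies on the helper's default allowlist, so formatting tags and links in a comment body are still rendered; if comments only need a small set of markup, pass explicit `tags:` and `attributes:` lists so the permitted HTML is stated at the call site. No spec is visible in this change; one that renders a body containing a `<script>` tag and an event-handler attribute through this partial would keep `html_safe` from being reintroduced here. Separately, the unchanged context line `link_to file.content_url, class: 'link', target: '_blank'` opens a new tab without `rel: 'noopener'`, which is worth adding while this view is being touched.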