[Fix #592] Convert html_safe to sanitize

2017-07-12 18:17:53 +02:00 · 2017-07-12 18:17:53 +02:00 · 4ae9d8ef0d
commit 4ae9d8ef0d
parent da7af28f9f
12 changed files with 17 additions and 15 deletions
--- a/app/views/users/siret/_pro.html.haml
+++ b/app/views/users/siret/_pro.html.haml
@ -6,7 +6,7 @@
    = @procedure.libelle

  %p
-    = @procedure.description.html_safe
+    = sanitize(@procedure.description)

  %br
  = form_tag(url_for({ controller: :dossiers, action: :create }), class: 'form-inline', method: 'POST') do |f|