secu: remove a balise from sane user input

2023-02-02 11:04:57 +01:00 · 2023-02-02 11:04:57 +01:00 · 4f0f221e46
commit 4f0f221e46
parent 3cbb491cfc
1 changed files with 1 additions and 1 deletions
--- a/config/application.rb
+++ b/config/application.rb
@ -41,7 +41,7 @@ module TPS
    config.assets.precompile += ['.woff']

    default_allowed_tags = ActionView::Base.sanitized_allowed_tags
-    config.action_view.sanitized_allowed_tags = default_allowed_tags + ['u'] - ['img']
+    config.action_view.sanitized_allowed_tags = default_allowed_tags + ['u'] - ['img', 'a']

    # ActionDispatch's IP spoofing detection is quite limited, and often rejects
    # legitimate requests from misconfigured proxies (such as mobile telcos).