fix escaped strings in bio

2023-09-18 13:11:42 +03:00 · 2023-09-18 13:11:42 +03:00 · a28ca85a37
commit a28ca85a37
parent e55936c8c3
1 changed files with 1 additions and 1 deletions
--- a/app/views/merged/form/_editor.haml
+++ b/app/views/merged/form/_editor.haml
@ -25,7 +25,7 @@
    options el: '.editor'
    def initialize
      @tab = 1
-      @markdown = "#{object.send(field).to_s.html_safe}"
+      @markdown = "#{CGI::escapeHTML(sanitize object.send(field).to_s)}"
    end
    def compiledMarkdown
      marked.parse(@markdown)