From a28ca85a371a89c0934d3d5e33b64e8270d15bfe Mon Sep 17 00:00:00 2001
From: Torsten
Date: Mon, 18 Sep 2023 13:11:42 +0300
Subject: [PATCH] fix escaped strings in bio
---
 app/views/merged/form/_editor.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/views/merged/form/_editor.haml b/app/views/merged/form/_editor.haml
index 92db47f..d85ac9d 100644
--- a/app/views/merged/form/_editor.haml
+++ b/app/views/merged/form/_editor.haml
@@ -25,7 +25,7 @@
 options el: '.editor'
 def initialize
 @tab = 1
- @markdown = "#{object.send(field).to_s.html_safe}"
+ @markdown = "#{CGI::escapeHTML(sanitize object.send(field).to_s)}"
 end
 def compiledMarkdown
 marked.parse(@markdown)
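Review bot: The new `@markdown` line applies HTML escaping to a value that is interpolated inside a quoted string literal of script code, and `CGI::escapeHTML` leaves backslashes, newlines and `#{` untouched, so the bio text can still break or alter that literal. The encoding should match the context: if the filter body is compiled from Ruby source (which the `def`/`end` syntax suggests but the hunk does not show), something like `@markdown = #{object.send(field).to_s.inspect}` emits a complete, correctly escaped literal instead of wrapping raw text in quotes. Chaining `sanitize` and then `escapeHTML` also double-encodes, so an ordinary `&` or `<` in a bio will appear as entity text in the editor. Neither call covers the actual sink: Markdown syntax such as links is unaffected by HTML escaping, so the HTML returned by `marked.parse(@markdown)` in `compiledMarkdown` should be sanitized before it is inserted into the page. The component body starts and ends outside the hunk, so how that result is rendered cannot be confirmed from here.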