Fixed a weak Cross-Site Scripting attack surface

author Aidan Cornelius-Bell <[email protected]>

Sat, 28 Dec 2024 22:19:40 +0000 (08:49 +1030)

committer Aidan Cornelius-Bell <[email protected]>

Sat, 28 Dec 2024 22:19:40 +0000 (08:49 +1030)
author Aidan Cornelius-Bell <[email protected]>
Sat, 28 Dec 2024 22:19:40 +0000 (08:49 +1030)
committer Aidan Cornelius-Bell <[email protected]>
Sat, 28 Dec 2024 22:19:40 +0000 (08:49 +1030)
diff --git a/app/views/pubview/show_public.html.erb b/app/views/pubview/show_public.html.erb

index efba06ee4b23b7e46ad879074a4b4beddc5df0f8..c27f80f574080f60a39e0c7721f29b41ca1db5d5 100644 (file)
--- a/app/views/pubview/show_public.html.erb
+++ b/app/views/pubview/show_public.html.erb
@@ -11,6 +11,6 @@
  
  <div class="post">
    <div class="container">
-    <%= raw MarkdownRenderer.render(@page.content) %>
+    <%= MarkdownRenderer.render(@page.content).html_safe %>
    </div>
  </div>
author	Aidan Cornelius-Bell <[email protected]>
	Sat, 28 Dec 2024 22:19:40 +0000 (08:49 +1030)
committer	Aidan Cornelius-Bell <[email protected]>
	Sat, 28 Dec 2024 22:19:40 +0000 (08:49 +1030)