sanitizar el markdown al mostrarlo

2020-06-09 15:51:33 -03:00 · 2020-06-09 15:51:33 -03:00 · 230ea30484
parent 3300e65022
commit 230ea30484
1 changed files with 3 additions and 3 deletions
--- a/app/models/metadata_markdown_content.rb
+++ b/app/models/metadata_markdown_content.rb
@ -2,10 +2,10 @@

 # Contenido con el editor de Markdown
 class MetadataMarkdownContent < MetadataContent
-  # Renderizar a HTML
+  # Renderizar a HTML y sanitizar
  def to_s
-    CommonMarker.render_doc(value, %i[FOOTNOTES SMART],
-                            %i[table strikethrough autolink]).to_html
+    sanitize CommonMarker.render_doc(value, %i[FOOTNOTES SMART],
+                                     %i[table strikethrough autolink]).to_html
  end

  # XXX: No sanitizamos acá porque se escapan varios símbolos de