From 230ea3048497eff67f1527b9296ee92f0565fba9 Mon Sep 17 00:00:00 2001
From: f
Date: Tue, 9 Jun 2020 15:51:33 -0300
Subject: [PATCH] sanitizar el markdown al mostrarlo
---
 app/models/metadata_markdown_content.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/models/metadata_markdown_content.rb b/app/models/metadata_markdown_content.rb
index b1d4c99..890ffff 100644
--- a/app/models/metadata_markdown_content.rb
+++ b/app/models/metadata_markdown_content.rb
@@ -2,10 +2,10 @@
 # Contenido con el editor de Markdown
 class MetadataMarkdownContent < MetadataContent
- # Renderizar a HTML
+ # Renderizar a HTML y sanitizar
 def to_s
- CommonMarker.render_doc(value, %i[FOOTNOTES SMART],
- %i[table strikethrough autolink]).to_html
+ sanitize CommonMarker.render_doc(value, %i[FOOTNOTES SMART],
+ %i[table strikethrough autolink]).to_html
 end
 # XXX: No sanitizamos acá porque se escapan varios símbolos de
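Review bot: `sanitize` is called in `to_s` with no explicit allowlist, and neither its definition nor its defaults are visible in this hunk, so which tags and attributes survive is decided somewhere else. The renderer enables `table`, `strikethrough` and `FOOTNOTES`; if the call resolves to the Rails helper with its default safe list, table markup and footnote `id` anchors would probably be stripped. It is worth pinning the policy at the call site, e.g. `sanitize(html, tags: ALLOWED_TAGS, attributes: ALLOWED_ATTRIBUTES)`, where the two constants are placeholder names for lists of exactly what this renderer emits. The trailing `# XXX` context line suggests another method in the class deliberately skips sanitizing, which would make `to_s` the only enforcement point. The method comment should say so, for instance `# Único punto donde se sanitiza: no usar value directamente como HTML`; the class body continues outside the hunk.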