fix 894 sanitize html in HtmlText tiles

concerto · Mar 3, 2014 · 1daf6bd · 1daf6bd
1 parent 0367ea6
commit 1daf6bd
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/app/views/contents/html_text/_render_tile.html.erb b/app/views/contents/html_text/_render_tile.html.erb
@@ -1,3 +1,8 @@
 <div class="default-padding">
-  <%=raw content.data %>
+  <%=
+    # some html such as div can throw off the anchor tags and cause the tile not to render properly
+    ActionController::Base.helpers.sanitize(content.data, 
+      :tags => %w(h1 h2 h3 h4 b br i em li ol u ul p q small strong), 
+      :attributes => %w(style class)) unless content.data.nil?
+  %>
 </div>