Restrict allowed tags in event tooltip description

leejones · Jun 10, 2009 · b19bc9f · b19bc9f
1 parent a2815f4
commit b19bc9f
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/app/views/calendars/_events.html.haml b/app/views/calendars/_events.html.haml
@@ -6,5 +6,6 @@
         %dd.location= h event.location
       - if event.time
         %dd.time= h event.time(:format => '%l:%M %p')
-      %dd.description= h(event.short_description) || '&nbsp;'
+      -# Use a very restricted list of allowable tags
+      %dd.description= sanitize(event.short_description, :tags => %w(strong em b i sup sub br)) || '&nbsp;'
   %p.footer Click date for more details