Commit

Sanitize form element header
robinkar committed Jan 29, 2025
1 parent 624fdbb commit d18b9b6
Showing 3 changed files with 3 additions and 3 deletions.
Expand Up @@ -38,7 +38,7 @@ def create_widget(form, attrib, format: nil, hide_excludable: true, hide_fixed:
else
form.send widget, attrib.id, all_options
end
header = OodAppkit.markdown.render(attrib.header)
header = sanitize(OodAppkit.markdown.render(attrib.header))
"#{header}#{rendered}".html_safe

end
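
Review bot: The new `sanitize(...)` call on the header line relies on the helper's default allowlist, and nothing here documents what that drops. The fixture in this same commit had to move from `id=` to `class=` on its span, which suggests `id` attributes are stripped, so existing app forms whose `header` uses an `id` will lose it silently. Either pass an explicit `tags:`/`attributes:` allowlist so the permitted markup is visible at the call site, or add a comment and a release note stating which HTML is still supported in `header`. Note also that `"#{header}#{rendered}".html_safe` on the next line still marks the whole concatenation as safe, so only `header` is covered by this change; a short comment saying that `rendered` comes from the form builder would make that assumption explicit.
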
Expand Up @@ -30,7 +30,7 @@ attributes:
widget: select
label: "Node type"
header: |
<span id="test_form_element_header">Some text in a span</span>
<span class="test_form_element_header">Some text in a span</span>
## Header using Markdown
options:
- [
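
Review bot: The `header:` fixture now contains only markup that survives sanitization (a span with `class`), so the test app no longer exercises the behaviour this commit introduces. Consider keeping a second element in the header that is expected to be removed or altered, for example the original `id="test_form_element_header"` attribute on a separate span, so the system test can assert that it is gone after rendering.
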
2 changes: 1 addition & 1 deletion apps/dashboard/test/system/batch_connect_widgets_test.rb
Expand Up @@ -543,7 +543,7 @@ def make_bc_app(dir, form)
visit new_batch_connect_session_context_url('sys/bc_jupyter')

# Span exists (HTML works).
header_span = find(id: 'test_form_element_header', text: 'Some text in a span')
header_span = find(class: 'test_form_element_header', text: 'Some text in a span')
# Markdown element exists (## => h2).
markdown_header = header_span.find(:xpath, './/../../h2', text: 'Header using Markdown')
# Header precedes its form element.
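
Review bot: The updated `find(class: 'test_form_element_header', ...)` only checks that allowed HTML still renders; there is no assertion that disallowed markup is stripped, so a regression that removes the `sanitize` call would still pass. Add a negative check next to it, such as `assert_no_selector` for an element or attribute the header fixture includes but the sanitizer should drop, and update the `# Span exists (HTML works).` comment to say that only allowlisted HTML is expected to work.
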