From ec60e8853b32fafadafd5924a206ec7b95d8cb6c Mon Sep 17 00:00:00 2001
From: echarp <manu@echarp.org>
Date: Sun, 7 May 2017 22:06:45 +0200
Subject: [PATCH] Proper html sanitation for static pages

---
 app/views/pages/contact.haml | 2 +-
 app/views/pages/filter.haml  | 2 +-
 app/views/pages/infos.haml   | 2 +-
 app/views/pages/rules.haml   | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/views/pages/contact.haml b/app/views/pages/contact.haml
index 5efedd3b1..7d2ce1ae3 100644
--- a/app/views/pages/contact.haml
+++ b/app/views/pages/contact.haml
@@ -1,2 +1,2 @@
 :markdown
-  #{t '.content'}
+  #{sanitize t '.content'}
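Review bot: `sanitize` on the added line runs on the Markdown source, before the `:markdown` filter renders it, so the HTML the renderer produces is not itself sanitized. Markdown-native constructs such as link targets only become HTML attributes after this check. The sanitizer's HTML serialization may also escape characters Markdown depends on (a leading `>` for blockquotes, `&`), which is worth verifying on the rendered pages. Consider rendering the Markdown first and passing the resulting HTML through `sanitize`, and add a Haml comment above the filter such as `-# locale text is rendered as Markdown; the rendered HTML is what must be sanitized`. The same applies to the identical change in infos.haml and rules.haml.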
diff --git a/app/views/pages/filter.haml b/app/views/pages/filter.haml
index 783e5355c..d308c42e8 100644
--- a/app/views/pages/filter.haml
+++ b/app/views/pages/filter.haml
@@ -1,6 +1,6 @@
 %h2
   %em.fa.fa-filter
-  = title t('.title')
+  = title t '.title'
 
 :markdown
   #{t '.helper'}
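Review bot: The `:markdown` block at the end of this hunk still interpolates `#{t '.helper'}` without `sanitize`, while the other three static pages in this commit wrap their translated content. If that is deliberate, a short `-#` comment should say why this string is trusted; otherwise it should be treated like the others, bearing in mind that sanitizing before the Markdown filter runs does not cover the rendered HTML. The only line changed here, `title t '.title'`, is stylistic, and the previous `title t('.title')` made the nesting of the two calls easier to read. The file may continue past this hunk.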
diff --git a/app/views/pages/infos.haml b/app/views/pages/infos.haml
index 45a553f4c..8f604a098 100644
--- a/app/views/pages/infos.haml
+++ b/app/views/pages/infos.haml
@@ -1,5 +1,5 @@
 :markdown
-  #{t '.content'}
+  #{sanitize t '.content'}
 
 %a(href="http://validator.w3.org/unicorn/check?ucn_uri=#{root_url}"
    style="text-decoration:none;")
diff --git a/app/views/pages/rules.haml b/app/views/pages/rules.haml
index 5efedd3b1..7d2ce1ae3 100644
--- a/app/views/pages/rules.haml
+++ b/app/views/pages/rules.haml
@@ -1,2 +1,2 @@
 :markdown
-  #{t '.content'}
+  #{sanitize t '.content'}
-- 
GitLab