diff --git a/app/views/hyrax/batch_edits/edit.html.erb b/app/views/hyrax/batch_edits/edit.html.erb index 34cefe2292..c689ff89fd 100644 --- a/app/views/hyrax/batch_edits/edit.html.erb +++ b/app/views/hyrax/batch_edits/edit.html.erb @@ -2,7 +2,7 @@

Changes will be applied to: (<%= @form.names.size %> works)

- <%= @form.names.join(", ").html_safe %> + <%= sanitize @form.names.join(", ") %>
diff --git a/app/views/hyrax/dashboard/collections/_flash_msg.html.erb b/app/views/hyrax/dashboard/collections/_flash_msg.html.erb index 5a0bfdc9a4..f499bfc8df 100644 --- a/app/views/hyrax/dashboard/collections/_flash_msg.html.erb +++ b/app/views/hyrax/dashboard/collections/_flash_msg.html.erb @@ -2,7 +2,7 @@ <% if flash[type].present? %> <% flash.delete(type) %> <% end %> diff --git a/app/views/hyrax/file_sets/_extra_fields_modal.html.erb b/app/views/hyrax/file_sets/_extra_fields_modal.html.erb index fbe48b8a8d..d5cec62346 100644 --- a/app/views/hyrax/file_sets/_extra_fields_modal.html.erb +++ b/app/views/hyrax/file_sets/_extra_fields_modal.html.erb @@ -11,7 +11,7 @@

Additional <%= label %>(s)

- <%= values.join("
").html_safe %> + <%= sanitize values.join("
") %>
diff --git a/app/views/hyrax/file_sets/_show_characterization_details.html.erb b/app/views/hyrax/file_sets/_show_characterization_details.html.erb index eb52894c73..5d32b8ac6f 100644 --- a/app/views/hyrax/file_sets/_show_characterization_details.html.erb +++ b/app/views/hyrax/file_sets/_show_characterization_details.html.erb @@ -1,7 +1,7 @@ <% @presenter.characterization_metadata.keys.each do |term| %>
<% additional_values = @presenter.secondary_characterization_values(term) %> - <%= @presenter.label_for_term(term) %>: <%= @presenter.primary_characterization_values(term).join("
").html_safe %> + <%= @presenter.label_for_term(term) %>: <%= sanitize @presenter.primary_characterization_values(term).join("
") %> <% unless additional_values.empty? %> <%= render partial: "extra_fields_modal", locals: { name: term, values: additional_values } %> <% end %> diff --git a/app/views/hyrax/notifications/_notifications.html.erb b/app/views/hyrax/notifications/_notifications.html.erb index 5399a538c7..6f20cf3acd 100644 --- a/app/views/hyrax/notifications/_notifications.html.erb +++ b/app/views/hyrax/notifications/_notifications.html.erb @@ -17,8 +17,8 @@ <%= msg.last_message.created_at.to_formatted_s(:long_ordinal) %> - <%= msg.last_message.subject.html_safe %> - <%= msg.last_message.body.html_safe %> + <%= sanitize msg.last_message.subject %> + <%= sanitize msg.last_message.body %> <%= link_to hyrax.notification_path(msg.id), class: "itemicon itemtrash", diff --git a/app/views/hyrax/stats/file.html.erb b/app/views/hyrax/stats/file.html.erb index 46deabf18e..cfd59c297b 100644 --- a/app/views/hyrax/stats/file.html.erb +++ b/app/views/hyrax/stats/file.html.erb @@ -2,7 +2,7 @@ diff --git a/app/views/hyrax/stats/work.html.erb b/app/views/hyrax/stats/work.html.erb index 761b4590c8..267f51b669 100644 --- a/app/views/hyrax/stats/work.html.erb +++ b/app/views/hyrax/stats/work.html.erb @@ -2,7 +2,7 @@ diff --git a/app/views/hyrax/users/_activity_log.html.erb b/app/views/hyrax/users/_activity_log.html.erb index 4aa8a8ce4f..69cad45b44 100644 --- a/app/views/hyrax/users/_activity_log.html.erb +++ b/app/views/hyrax/users/_activity_log.html.erb @@ -9,7 +9,7 @@ <% events.each do |event| %> <% next if event[:action].blank? or event[:timestamp].blank? %> - <%= event[:action].html_safe %> + <%= sanitize event[:action] %> <% time = Time.zone.at(event[:timestamp].to_i) %>