Replace sanitize with raw for legacy document list

`sanitize` was stripping out the `tabindex` attribute from the legacy document list markup provided by Whitehall. `sanitize` requires an allowlist of attributes, but a more future-proof option is to use `raw` since this is markup from a trusted source.
alphagov · Mar 4, 2021 · 1e95b87 · 1e95b87
1 parent 35d03b8
commit 1e95b87
Showing 1 changed file with 1 addition and 4 deletions.
diff --git a/app/views/content_items/_attachments.html.erb b/app/views/content_items/_attachments.html.erb
@@ -8,10 +8,7 @@
       <%= render 'govuk_publishing_components/components/govspeak', {
         direction: page_text_direction,
       } do %>
-        <%= sanitize(legacy_pre_rendered_documents, {
-          attributes: %w(alt class href id src data-module data-track-category data-track-action data-track-label data-track-options data-details-track-click aria-hidden),
-          tags: %w(a details div h2 h3 img p section span summary),
-        }) %>
+        <%= raw(legacy_pre_rendered_documents) %>
       <% end %>
     <% else %>
       <% attachments.each do |attachment_id| %>