From c3ce823ebb97e522106ca24e43e750aa27bc43d0 Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 21 Oct 2020 13:50:27 +0100 Subject: [PATCH 01/20] Update Govspeak in partials The legacy attachment partial needed the `sanitize` method to be used with an allow list of attributes and tags. --- app/views/content_items/_attachments.html.erb | 12 +++++++++--- .../content_items/_body_with_related_links.html.erb | 8 +++++--- .../content_items/_document_collection_body.html.erb | 9 ++++++--- .../service_sign_in/_choose_sign_in.html.erb | 4 +++- .../service_sign_in/_create_new_account.html.erb | 4 +++- app/views/shared/_travel_advice_summary.html.erb | 9 ++++----- 6 files changed, 30 insertions(+), 16 deletions(-) diff --git a/app/views/content_items/_attachments.html.erb b/app/views/content_items/_attachments.html.erb index 81c191f83..915136f84 100644 --- a/app/views/content_items/_attachments.html.erb +++ b/app/views/content_items/_attachments.html.erb @@ -5,9 +5,14 @@ mobile_top_margin: true %> <% if legacy_pre_rendered_documents.present? %> - <%= render 'govuk_publishing_components/components/govspeak', - content: legacy_pre_rendered_documents.html_safe, - direction: page_text_direction %> + <%= render 'govuk_publishing_components/components/govspeak', { + direction: page_text_direction, + } do %> + <%= sanitize(legacy_pre_rendered_documents, { + attributes: %w(alt class data-module href id src), + tags: %w(a details div h2 img p section span summary), + }) %> + <% end %> <% else %> <% attachments.each do |attachment_id| %>
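Review bot: The `tags:` and `attributes:` options given to `sanitize` in the legacy-attachments branch replace Rails' default safe list rather than extend it, so anything outside these two lists (for example the default list's `title` attribute, or `ul`/`li`/`strong` tags) is dropped from the pre-rendered attachment markup. If that is deliberate, a one-line comment above the call saying the list was derived from the legacy attachment HTML would save the next reader from re-deriving it, e.g. `<%# allow list matches the markup produced by the legacy attachment renderer; extend if it changes %>`. Allowing `data-module` also lets the sanitized content attach any registered JS module to its elements, which is fine for trusted publisher output but worth stating in the same comment given the commit's premise that this content needs sanitising.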
@@ -16,5 +21,6 @@
<% end %> <% end %> + <% end %> diff --git a/app/views/content_items/_body_with_related_links.html.erb b/app/views/content_items/_body_with_related_links.html.erb index 2425ae88b..6c1768c02 100644 --- a/app/views/content_items/_body_with_related_links.html.erb +++ b/app/views/content_items/_body_with_related_links.html.erb @@ -9,9 +9,11 @@
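Review bot: The `<% end %>` added in this second hunk appears to have no matching opener: the `render ... do` block introduced in the first hunk is already closed by the `<% end %>` added there, and the diffstat for this file (9 insertions, 3 deletions) accounts for no other new block, so this line would close the surrounding `if`/`else` one level early or leave the template failing to compile. If an opener sits in context lines not shown here, disregard; otherwise drop this line.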
- <%= render 'govuk_publishing_components/components/govspeak', - { direction: page_text_direction, disable_youtube_expansions: true } do %> - <%= raw @content_item.body %> + <%= render 'govuk_publishing_components/components/govspeak', { + direction: page_text_direction, + disable_youtube_expansions: true, + } do %> + <%= sanitize(@content_item.body) %> <% end %> <% if @content_item.last_updated && @content_item.schema_name == "help_page" %> diff --git a/app/views/content_items/_document_collection_body.html.erb b/app/views/content_items/_document_collection_body.html.erb index 20d96d501..c14e63f71 100644 --- a/app/views/content_items/_document_collection_body.html.erb +++ b/app/views/content_items/_document_collection_body.html.erb @@ -4,10 +4,13 @@ <% @content_item.groups.each_with_index do |group, group_index| %> <%= @content_item.group_heading(group) %> + <% if group["body"].present? %> - <%= render 'govuk_publishing_components/components/govspeak', - content: raw(group["body"]), - direction: page_text_direction %> + <%= render 'govuk_publishing_components/components/govspeak', { + direction: page_text_direction, + } do %> + <%= sanitize(group["body"]) %> + <% end %> <% end %>
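Review bot: `sanitize(@content_item.body)` with no options applies Rails' default safe list, which as far as I recall does not allow the `id` attribute or table elements, so Govspeak heading anchors and tables would be stripped from the body at render time; the corporate_information_page and working_group hunks later in this series pass `attributes: %w(id ...)` for exactly this reason, while every other template (case_study through world_location_news_article, patches 02–20) uses the bare call. One shared helper would keep the allow list in a single place, e.g. `sanitize(html, tags: Rails::Html::SafeListSanitizer.allowed_tags + %w(table thead tbody tr th td), attributes: Rails::Html::SafeListSanitizer.allowed_attributes + %w(id))`. Note that `tags:`/`attributes:` replace the defaults rather than extend them, which is why the `+` form is needed.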
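Review bot: The added `<% if group["body"].present? %>` opens a block but the hunk adds only one `<% end %>`, which the `render ... do` block consumes, and the diffstat (6 insertions, 3 deletions) leaves no room for a second; unless a closing `<% end %>` already exists in context lines not shown, the `if` is unterminated and the template will not compile. Either add `<% end %>` after the govspeak block or drop the guard, since `sanitize(nil)` already returns `nil` and renders nothing.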
diff --git a/app/views/content_items/service_sign_in/_choose_sign_in.html.erb b/app/views/content_items/service_sign_in/_choose_sign_in.html.erb index 899de11ee..75d5d0f13 100644 --- a/app/views/content_items/service_sign_in/_choose_sign_in.html.erb +++ b/app/views/content_items/service_sign_in/_choose_sign_in.html.erb @@ -27,7 +27,9 @@ <%= render "govuk_publishing_components/components/fieldset", legend_text: legend_text do %>
- <%= render 'govuk_publishing_components/components/govspeak', content: raw(@content_item.description) %> + <%= render 'govuk_publishing_components/components/govspeak', {} do %> + <%= sanitize(@content_item.description) %> + <% end %> <% if @error %> <%= render "components/error-message", text: t('service_sign_in.error.option') %> <% end %> diff --git a/app/views/content_items/service_sign_in/_create_new_account.html.erb b/app/views/content_items/service_sign_in/_create_new_account.html.erb index b909fe336..6286fca02 100644 --- a/app/views/content_items/service_sign_in/_create_new_account.html.erb +++ b/app/views/content_items/service_sign_in/_create_new_account.html.erb @@ -1,6 +1,8 @@
<%= render 'govuk_publishing_components/components/title', title: @content_item.title %>
- <%= render 'govuk_publishing_components/components/govspeak', content: @content_item.body.html_safe %>
+ <%= render 'govuk_publishing_components/components/govspeak', {} do %>
+ <% sanitize(@content_item.body) %>
+ <% end %>
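Review bot: `<% sanitize(@content_item.body) %>` uses the non-output ERB tag, so the sanitized body is computed and discarded and the govspeak block renders empty; it should be `<%= sanitize(@content_item.body) %>`. The same slip is in statistical_data_set.html.erb (patch 14 of this series).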
diff --git a/app/views/shared/_travel_advice_summary.html.erb b/app/views/shared/_travel_advice_summary.html.erb index a675addef..279a5110d 100644 --- a/app/views/shared/_travel_advice_summary.html.erb +++ b/app/views/shared/_travel_advice_summary.html.erb @@ -1,12 +1,11 @@ <% if content_item.alert_status.present? %> - <% alert_body = capture do %> + <%= render 'govuk_publishing_components/components/govspeak', { + direction: page_text_direction, + } do %>
- <%= content_item.alert_status %>
+ <%= sanitize(content_item.alert_status) %>
<% end %> - <%= render 'govuk_publishing_components/components/govspeak', - content: alert_body, - direction: page_text_direction %> <% end %> <%= render 'govuk_publishing_components/components/metadata', content_item.metadata %> From b6dd561ebd9b1da7e061bb97c9a3be7f0f4c0087 Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 21 Oct 2020 14:55:33 +0100 Subject: [PATCH 02/20] Update Govspeak in case study template --- app/views/content_items/case_study.html.erb | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/app/views/content_items/case_study.html.erb b/app/views/content_items/case_study.html.erb index 4f541e883..86c927a7f 100644 --- a/app/views/content_items/case_study.html.erb +++ b/app/views/content_items/case_study.html.erb @@ -27,9 +27,11 @@ credit: @content_item.image["credit"], caption: @content_item.image["caption"] if @content_item.image %> - <%= render 'govuk_publishing_components/components/govspeak', - content: @content_item.body.html_safe, - direction: page_text_direction %> + <%= render 'govuk_publishing_components/components/govspeak', { + direction: page_text_direction, + } do %> + <%= sanitize(@content_item.body) %> + <% end %>
<%= render 'components/published-dates', { From 61c4a993a6ea26fdadc94cf1ef2ed357b02df953 Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 21 Oct 2020 15:17:39 +0100 Subject: [PATCH 03/20] Update Govspeak in consultation template --- app/views/content_items/consultation.html.erb | 64 ++++++++++++++----- 1 file changed, 47 insertions(+), 17 deletions(-) diff --git a/app/views/content_items/consultation.html.erb b/app/views/content_items/consultation.html.erb index 803f7cf69..812243dbe 100644 --- a/app/views/content_items/consultation.html.erb +++ b/app/views/content_items/consultation.html.erb @@ -25,7 +25,10 @@ <% if @content_item.opening_date_midnight? %>on<% else %>at<% end %> <% end %> - <%= render 'govuk_publishing_components/components/notice', title: "This consultation isn't open yet", description_text: content_item_unopened %> + <%= render 'govuk_publishing_components/components/notice', { + title: "This consultation isn't open yet", + description_text: content_item_unopened, + } %> <% elsif @content_item.pending_final_outcome? %> <% content_item_final_outcome = capture do %> @@ -47,9 +50,11 @@ <%= render 'govuk_publishing_components/components/heading', text: "Detail of outcome", mobile_top_margin: true %>
- <%= render 'govuk_publishing_components/components/govspeak',
- content: @content_item.final_outcome_detail.html_safe,
- direction: page_text_direction %>
+ <%= render 'govuk_publishing_components/components/govspeak', {
+ direction: page_text_direction,
+ } do %>
+ <%= sanitize(@content_item.final_outcome_detail) %>
+ <% end %>
<% end %> @@ -59,18 +64,28 @@ attachments: @content_item.public_feedback_attachments %> <% if @content_item.public_feedback_detail %> - <%= render 'govuk_publishing_components/components/heading', text: "Detail of feedback received", mobile_top_margin: true %> + <%= render 'govuk_publishing_components/components/heading', { + mobile_top_margin: true, + text: "Detail of feedback received", + } %>
- <%= render 'govuk_publishing_components/components/govspeak',
- content: @content_item.public_feedback_detail.html_safe,
- direction: page_text_direction %>
+ <%= render 'govuk_publishing_components/components/govspeak', {
+ direction: page_text_direction,
+ } do %>
+ <%= sanitize(@content_item.public_feedback_detail) %>
+ <% end %>
<% end %> <% if @content_item.final_outcome? %>
- <%= render 'govuk_publishing_components/components/heading', text: "Original consultation", id: "original-consultation-title", heading_level: 2, mobile_top_margin: true %> + <%= render 'govuk_publishing_components/components/heading', { + heading_level: 2, + id: "original-consultation-title", + mobile_top_margin: true, + text: "Original consultation", + } %>
<% end %> @@ -92,11 +107,18 @@ <% consultation_desc = capture do %> <%= @content_item.description %> <% if @content_item.held_on_another_website? %> -

- This consultation <% if @content_item.closed? %>was<% else %>is being<% end %> held on another website. +

+ + This consultation <% if @content_item.closed? %>was<% else %>is being<% end %> held on another website. + +

<% end %> <% end %> - <%= render 'components/banner', text: consultation_desc, title: 'Summary', aside: consultation_date %> + <%= render 'components/banner', { + aside: consultation_date, + text: consultation_desc, + title: 'Summary', + } %> <% if @content_item.final_outcome? %>
@@ -104,8 +126,14 @@
- <%= render 'govuk_publishing_components/components/heading', text: "Consultation description", mobile_top_margin: true %> - <%= render 'govuk_publishing_components/components/govspeak', @content_item.govspeak_body %> + <%= render 'govuk_publishing_components/components/heading', { + mobile_top_margin: true, + text: "Consultation description", + } %> + + <%= render 'govuk_publishing_components/components/govspeak', {} do %> + <%= sanitize(@content_item.govspeak_body[:content]) %> + <% end %> <%= render "attachments", title: "Documents", @@ -149,9 +177,11 @@ <% end %> <% end %> - <%= render 'govuk_publishing_components/components/govspeak', - content: @ways_to_respond_body, - direction: page_text_direction %> + <%= render 'govuk_publishing_components/components/govspeak', { + direction: page_text_direction, + } do %> + <%= sanitize(@ways_to_respond_body) %> + <% end %>
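Review bot: Passing `@content_item.govspeak_body[:content]` replaces the old call that handed the whole `govspeak_body` hash to the component, so any other options that hash carried are now silently dropped, and unlike the other govspeak calls in this series this one passes `{}` with no `direction: page_text_direction`. If `govspeak_body` only ever holds `:content`, a short comment saying so would justify the empty options; otherwise hand the remaining keys back to the component, e.g. `<%= render 'govuk_publishing_components/components/govspeak', @content_item.govspeak_body.except(:content) do %>`. The same applies to detailed_guide, html_publication and specialist_document (patches 05, 09 and 12).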
<% end %> From 76e410f3392d4cef6255c4eaab3e3352969aaf96 Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 21 Oct 2020 16:17:10 +0100 Subject: [PATCH 04/20] Update Govspeak in corporate info page template --- app/views/content_items/corporate_information_page.html.erb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/app/views/content_items/corporate_information_page.html.erb b/app/views/content_items/corporate_information_page.html.erb index c2ba3fe01..07150864e 100644 --- a/app/views/content_items/corporate_information_page.html.erb +++ b/app/views/content_items/corporate_information_page.html.erb @@ -47,7 +47,11 @@
<%= render "components/contents-list-with-body", contents: @content_item.contents do %>
- <%= render 'govuk_publishing_components/components/govspeak', content: "#{@content_item.body}#{@additional_body}".html_safe %>
+ <%= render 'govuk_publishing_components/components/govspeak', {} do %>
+ <%= sanitize("#{@content_item.body}#{@additional_body}", {
+ attributes: %w(id href),
+ }) %>
+ <% end %>
<% end %>
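Review bot: `attributes: %w(id href)` replaces the sanitizer's default attribute list rather than extending it, so `class`, `src`, `alt` and `title` are stripped from this body while the default tags (including `img`) remain allowed, and the equivalent call in working_group.html.erb (patch 19) uses `%w(id class href)`, so the two pages now disagree. Extend the defaults instead, `attributes: Rails::Html::SafeListSanitizer.allowed_attributes + %w(id)`, or share one frozen constant between the two templates. `@additional_body` is also interpolated before sanitising here but sanitised separately in working_group; either is fine, but pick one so the two contents-list pages behave the same.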
From aa025b9d0e6682b661e0cdb4eb5babcb0e2c15e4 Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 21 Oct 2020 16:19:23 +0100 Subject: [PATCH 05/20] Update Govspeak in detailed guide template --- app/views/content_items/detailed_guide.html.erb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/views/content_items/detailed_guide.html.erb b/app/views/content_items/detailed_guide.html.erb index 4ef6ab5e3..9b418a019 100644 --- a/app/views/content_items/detailed_guide.html.erb +++ b/app/views/content_items/detailed_guide.html.erb @@ -28,7 +28,10 @@ margin_top: 0, margin_bottom: 6, } %> - <%= render 'govuk_publishing_components/components/govspeak', @content_item.govspeak_body %> + + <%= render 'govuk_publishing_components/components/govspeak', {} do %> + <%= sanitize(@content_item.govspeak_body[:content]) %> + <% end %>
<%= render 'components/published-dates', { From fc8f23e0963efb3762912bc199c7d6891c444e27 Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 21 Oct 2020 16:24:45 +0100 Subject: [PATCH 06/20] Update Govspeak in fatality notice template --- app/views/content_items/fatality_notice.html.erb | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/app/views/content_items/fatality_notice.html.erb b/app/views/content_items/fatality_notice.html.erb index e8bd314b6..b635c6cbb 100644 --- a/app/views/content_items/fatality_notice.html.erb +++ b/app/views/content_items/fatality_notice.html.erb @@ -27,9 +27,11 @@ alt: @content_item.image["alt_text"], credit: @content_item.image["credit"], caption: @content_item.image["caption"] if @content_item.image %> - <%= render 'govuk_publishing_components/components/govspeak', - content: @content_item.body.html_safe, - direction: page_text_direction %> + <%= render 'govuk_publishing_components/components/govspeak', { + direction: page_text_direction, + } do %> + <%= sanitize(@content_item.body) %> + <% end %>
<%= render 'components/published-dates', { From 09a4aaebfcb938265aca10b960216d556da2c455 Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 21 Oct 2020 16:28:06 +0100 Subject: [PATCH 07/20] Update Govspeak & fix linting on gone template --- app/views/content_items/gone.html.erb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/app/views/content_items/gone.html.erb b/app/views/content_items/gone.html.erb index 5a65faced..e2eed2f17 100644 --- a/app/views/content_items/gone.html.erb +++ b/app/views/content_items/gone.html.erb @@ -1,12 +1,16 @@
- <%= render 'govuk_publishing_components/components/title', title: 'The page you\'re looking for is no longer available' %> + <%= render "govuk_publishing_components/components/title", { + title: "The page you're looking for is no longer available", + } %>

The information on this page has been removed because it was published in error.

- <%= render 'govuk_publishing_components/components/govspeak', content: raw(@content_item.explanation) %> + <%= render "govuk_publishing_components/components/govspeak", {} do %> + <%= sanitize(@content_item.explanation) %> + <% end %> <% if @content_item.alternative_path.present? %>

From 3220c06f5ae233f5112f5dc4461c41d0fc2397c5 Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 28 Oct 2020 12:01:30 +0000 Subject: [PATCH 08/20] Update Govspeak in guide template --- app/views/content_items/guide.html.erb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/app/views/content_items/guide.html.erb b/app/views/content_items/guide.html.erb index 15ac15540..03433da2c 100644 --- a/app/views/content_items/guide.html.erb +++ b/app/views/content_items/guide.html.erb @@ -37,10 +37,12 @@ <% end %> - <%= render 'govuk_publishing_components/components/govspeak', - content: @content_item.current_part_body.html_safe, - direction: page_text_direction, - disable_youtube_expansions: true %> + <%= render "govuk_publishing_components/components/govspeak", { + direction: page_text_direction, + disable_youtube_expansions: true + } do %> + <%= sanitize(@content_item.current_part_body) %> + <% end %> <% if @content_item.show_guide_navigation? %> <%= render 'govuk_publishing_components/components/previous_and_next_navigation', @content_item.previous_and_next_navigation %> From 24facb10ba53974c785882fd7e68532de567c977 Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 28 Oct 2020 12:09:30 +0000 Subject: [PATCH 09/20] Update Govspeak in HTML publications template --- app/views/content_items/html_publication.html.erb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/views/content_items/html_publication.html.erb b/app/views/content_items/html_publication.html.erb index 7e185ffd4..62db12ed6 100644 --- a/app/views/content_items/html_publication.html.erb +++ b/app/views/content_items/html_publication.html.erb @@ -57,7 +57,9 @@
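Review bot: The options hash in guide.html.erb ends `disable_youtube_expansions: true` without a trailing comma, while every other multi-line hash in this series uses one; take_part.html.erb (patch 15) has the same omission on `direction: page_text_direction`. Keeping the trailing comma consistent avoids a noisier diff when an option is added later: `disable_youtube_expansions: true,`.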

- <%= render 'govuk_publishing_components/components/govspeak_html_publication', @content_item.govspeak_body %>
+ <%= render "govuk_publishing_components/components/govspeak_html_publication", {} do %>
+ <%= sanitize(@content_item.govspeak_body[:content]) %>
+ <% end %>
From 657331ef992a57abd90f13e39fa626efc27bbb99 Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 28 Oct 2020 12:12:57 +0000 Subject: [PATCH 10/20] Update Govspeak in news article template --- app/views/content_items/news_article.html.erb | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/app/views/content_items/news_article.html.erb b/app/views/content_items/news_article.html.erb index 89a82574b..e63ac69f3 100644 --- a/app/views/content_items/news_article.html.erb +++ b/app/views/content_items/news_article.html.erb @@ -26,9 +26,11 @@ alt: @content_item.image["alt_text"], credit: @content_item.image["credit"], caption: @content_item.image["caption"] if @content_item.image %> - <%= render 'govuk_publishing_components/components/govspeak', - content: @content_item.body.html_safe, - direction: page_text_direction %> + <%= render "govuk_publishing_components/components/govspeak", { + direction: page_text_direction, + } do %> + <%= sanitize(@content_item.body) %> + <% end %>
From 0da5317a8ac2bee76e77863b86cd573a01ce271a Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 28 Oct 2020 12:17:18 +0000 Subject: [PATCH 11/20] Update Govspeak in publication template --- app/views/content_items/publication.html.erb | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/app/views/content_items/publication.html.erb b/app/views/content_items/publication.html.erb index 100bed212..6318dd01e 100644 --- a/app/views/content_items/publication.html.erb +++ b/app/views/content_items/publication.html.erb @@ -36,13 +36,16 @@
- <%= render 'govuk_publishing_components/components/heading', + <%= render "govuk_publishing_components/components/heading", { text: t("publication.details"), - mobile_top_margin: true %> - - <%= render 'govuk_publishing_components/components/govspeak', - content: @content_item.details.html_safe, - direction: page_text_direction %> + mobile_top_margin: true, + } %> + + <%= render "govuk_publishing_components/components/govspeak", { + direction: page_text_direction, + } do %> + <%= sanitize(@content_item.details) %> + <% end %>
From d5febff24f24476e7f2d3e2ac25fc7f8b10b26cd Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 28 Oct 2020 12:20:00 +0000 Subject: [PATCH 12/20] Update Govspeak in specialist document template --- .../content_items/specialist_document.html.erb | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/app/views/content_items/specialist_document.html.erb b/app/views/content_items/specialist_document.html.erb index aa433353c..a157e9feb 100644 --- a/app/views/content_items/specialist_document.html.erb +++ b/app/views/content_items/specialist_document.html.erb @@ -34,15 +34,17 @@ <% end %>
- <%= render 'govuk_publishing_components/components/govspeak', @content_item.govspeak_body %> + <%= render "govuk_publishing_components/components/govspeak", {} do %> + <%= sanitize(@content_item.govspeak_body[:content]) %> + <% end %> + <% if @content_item.continuation_link %> - <%= render( - 'govuk_publishing_components/components/button', - start: true, - href: @content_item.continuation_link, - text: "Find out more", - info_text: @content_item.will_continue_on - ) %> + <%= render "govuk_publishing_components/components/button", { + href: @content_item.continuation_link, + info_text: @content_item.will_continue_on, + start: true, + text: "Find out more", + } %> <% end %>
From 07e70dcf6eef00a86c1bb63c128e3b2e285b3a20 Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 28 Oct 2020 12:25:08 +0000 Subject: [PATCH 13/20] Update Govspeak in speech template --- app/views/content_items/speech.html.erb | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/app/views/content_items/speech.html.erb b/app/views/content_items/speech.html.erb index 27694c639..8ec42c1ab 100644 --- a/app/views/content_items/speech.html.erb +++ b/app/views/content_items/speech.html.erb @@ -30,9 +30,11 @@ credit: @content_item.image["credit"], caption: @content_item.image["caption"] if @content_item.image %> - <%= render 'govuk_publishing_components/components/govspeak', - content: @content_item.body.html_safe, - direction: page_text_direction %> + <%= render "govuk_publishing_components/components/govspeak", { + direction: page_text_direction, + } do %> + <%= sanitize(@content_item.body) %> + <% end %>
<%= render 'components/published-dates', { From 8f1caa650709985243824b75b9cf3912bb77e98d Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 28 Oct 2020 12:27:49 +0000 Subject: [PATCH 14/20] Update Govspeak in statistical data set template --- app/views/content_items/statistical_data_set.html.erb | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/app/views/content_items/statistical_data_set.html.erb b/app/views/content_items/statistical_data_set.html.erb index 9b54761ad..76619aec3 100644 --- a/app/views/content_items/statistical_data_set.html.erb +++ b/app/views/content_items/statistical_data_set.html.erb @@ -26,9 +26,12 @@ <%= render "components/contents-list-with-body", contents: @content_item.contents do %>
- <%= render 'govuk_publishing_components/components/govspeak',
- content: @content_item.body.html_safe,
- direction: page_text_direction %>
+ <%= render "govuk_publishing_components/components/govspeak", {
+ direction: page_text_direction,
+ } do %>
+ <% sanitize(@content_item.body) %>
+ <% end %>
+
<%= render 'components/published-dates', { From 749c9e795deb3184098ed069950581e2666ec400 Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 28 Oct 2020 12:30:08 +0000 Subject: [PATCH 15/20] Update Govspeak in take part template --- app/views/content_items/take_part.html.erb | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/app/views/content_items/take_part.html.erb b/app/views/content_items/take_part.html.erb index adc415532..bbc288383 100644 --- a/app/views/content_items/take_part.html.erb +++ b/app/views/content_items/take_part.html.erb @@ -21,9 +21,11 @@ credit: @content_item.image["credit"], caption: @content_item.image["caption"] if @content_item.image %> - <%= render 'govuk_publishing_components/components/govspeak', - content: @content_item.body.html_safe, - direction: page_text_direction %> + <%= render "govuk_publishing_components/components/govspeak", { + direction: page_text_direction + } do %> + <%= sanitize(@content_item.body) %> + <% end %>
<%= render 'shared/sidebar_navigation' %>
From acf8ea5b5e59be7ac62a685c8e7ed7b2513b716d Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 28 Oct 2020 12:33:04 +0000 Subject: [PATCH 16/20] Update Govspeak on topical event about template --- app/views/content_items/topical_event_about_page.html.erb | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/app/views/content_items/topical_event_about_page.html.erb b/app/views/content_items/topical_event_about_page.html.erb index a03bef7d5..ddc08ec47 100644 --- a/app/views/content_items/topical_event_about_page.html.erb +++ b/app/views/content_items/topical_event_about_page.html.erb @@ -17,9 +17,11 @@ <%= render "components/contents-list-with-body", { contents: @content_item.contents, } do %> - <%= render 'govuk_publishing_components/components/govspeak', - content: @content_item.body.html_safe, - direction: page_text_direction %> + <%= render "govuk_publishing_components/components/govspeak", { + direction: page_text_direction, + } do %> + <%= sanitize(@content_item.body) %> + <% end %> <% end %>
<%= render 'shared/sidebar_navigation' %> From 317a9cc67b65acb09819ed7028a88f74ba8cdbc4 Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 28 Oct 2020 12:35:23 +0000 Subject: [PATCH 17/20] Update Govspeak in the travel advice template --- app/views/content_items/travel_advice.html.erb | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/app/views/content_items/travel_advice.html.erb b/app/views/content_items/travel_advice.html.erb index c564f4950..9ea62940f 100644 --- a/app/views/content_items/travel_advice.html.erb +++ b/app/views/content_items/travel_advice.html.erb @@ -54,9 +54,11 @@ <%= render 'shared/travel_advice_summary', content_item: @content_item %> <% end %> - <%= render 'govuk_publishing_components/components/govspeak', - content: @content_item.current_part_body.html_safe, - direction: page_text_direction %> + <%= render 'govuk_publishing_components/components/govspeak', { + direction: page_text_direction, + } do %> + <%= sanitize(@content_item.current_part_body) %> + <% end %> <%= render 'govuk_publishing_components/components/previous_and_next_navigation', @content_item.previous_and_next_navigation %> From 1efcd71b4ea33ff89311b9fb8b90a5d6b68a5b0d Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 28 Oct 2020 12:43:39 +0000 Subject: [PATCH 18/20] Update Govspeak on unpublishing template --- app/views/content_items/unpublishing.html.erb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/views/content_items/unpublishing.html.erb b/app/views/content_items/unpublishing.html.erb index d93b7862c..ec600973b 100644 --- a/app/views/content_items/unpublishing.html.erb +++ b/app/views/content_items/unpublishing.html.erb @@ -6,7 +6,9 @@ The information on this page has been removed because it was published in error.

- <%= render 'govuk_publishing_components/components/govspeak', content: raw(@content_item.explanation) %> + <%= render "govuk_publishing_components/components/govspeak", {} do %> + <%= sanitize(@content_item.explanation) %> + <% end %> <% if @content_item.alternative_url.present? %>

From 9ea947a3a9b6a87c00d793691649a85f886f42f5 Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 28 Oct 2020 12:56:21 +0000 Subject: [PATCH 19/20] Update Govspeak in working group template --- app/views/content_items/working_group.html.erb | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/app/views/content_items/working_group.html.erb b/app/views/content_items/working_group.html.erb index 97c305bbe..2332285ff 100644 --- a/app/views/content_items/working_group.html.erb +++ b/app/views/content_items/working_group.html.erb @@ -28,9 +28,16 @@

<%= render 'govuk_publishing_components/components/lead_paragraph', text: @content_item.description %> <%= render 'components/contents-list-with-body', contents: @content_item.contents do %> - <%= render 'govuk_publishing_components/components/govspeak', - content: "#{@content_item.body} #{@additional_body}".html_safe, - direction: page_text_direction %> + <%= render 'govuk_publishing_components/components/govspeak', { + direction: page_text_direction, + } do %> + <%= sanitize(@content_item.body, { + attributes: %w(id class href), + }) %> + <%= sanitize(@additional_body, { + attributes: %w(id class href), + }) %> + <% end %> <% end %>
From ff5b3f6c3d3f53e2a632c9f545670a0f1fe53c7b Mon Sep 17 00:00:00 2001 From: Ian James Date: Wed, 28 Oct 2020 22:30:28 +0000 Subject: [PATCH 20/20] Update Govspeak on world location news article --- .../content_items/world_location_news_article.html.erb | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/app/views/content_items/world_location_news_article.html.erb b/app/views/content_items/world_location_news_article.html.erb index c5a93b0fa..ca20d3575 100644 --- a/app/views/content_items/world_location_news_article.html.erb +++ b/app/views/content_items/world_location_news_article.html.erb @@ -27,9 +27,11 @@ credit: @content_item.image["credit"], caption: @content_item.image["caption"] if @content_item.image %> - <%= render 'govuk_publishing_components/components/govspeak', - content: @content_item.body.html_safe, - direction: page_text_direction %> + <%= render 'govuk_publishing_components/components/govspeak', { + direction: page_text_direction, + } do %> + <%= sanitize(@content_item.body) %> + <% end %>