fix: always consider report content as text

Report content was used as HTML in front-end and e-mails but wasn't sanitized as such. Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2023-12-06 11:05:56 +01:00
parent ded59bec27
commit ffff379d47
5 changed files with 49 additions and 8 deletions
--- a/lib/web/templates/email/report.html.heex
+++ b/lib/web/templates/email/report.html.heex
@@ -192,7 +192,7 @@
          >
            <p style="margin: 0">
              <h3><%= gettext("Reasons for report") %></h3>
-              <%= @report.content |> raw %>
+              <%= @report.content %>
            </p>
            <table
              cellspacing="0"