From 155bf716e5ca9287b55db49c76fd99050352740b Mon Sep 17 00:00:00 2001
From: cryptogopher <cryptogopher@noreply.me>
Date: Wed, 5 Apr 2023 23:25:50 +0200
Subject: [PATCH] sanitize() flash messages

---
 app/views/layouts/application.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 3c51b90..61214f3 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -21,7 +21,7 @@
     <div class="flashes">
       <% flash.each do |entry, message| %>
         <div class="flash <%= entry %>">
-          <div><%= message %></div>
+          <div><%= sanitize message %></div>
           <button onclick="this.parentElement.style.display='none';">&times;</button>
         </div>
       <% end %>