FIX: Allow sanitized-HTML in GH issues and categories oneboxes. (#25374)

Follow-up to d78357917c Related meta topic: https://meta.discourse.org/t/html-is-not-render-on-category-onebox-description/289424:
2025-05-29 11:48:08 +08:00 · 2024-01-22 15:25:29 -03:00
parent a37d26f559
commit a709b7e861
4 changed files with 7 additions and 4 deletions
--- a/lib/onebox/engine/github_issue_onebox.rb
+++ b/lib/onebox/engine/github_issue_onebox.rb
@ -40,7 +40,10 @@ module Onebox
        body, excerpt = compute_body(raw["body"])
        ulink = URI(link)

-        labels = raw["labels"].map { |l| { name: Emoji.codes_to_img(CGI.escapeHTML(l["name"])) } }
+        labels =
+          raw["labels"].map do |l|
+            { name: Emoji.codes_to_img(Onebox::Helpers.sanitize(l["name"])) }
+          end

        {
          link: @url,