Sanitise name and use html safe

2 years ago · c6f5f154b0
2 changed files with 11 additions and 3 deletions
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -31,6 +31,13 @@ module ApplicationHelper
    !current_page?(notifications_path) && (authenticated_user_has_notifications? || unauthenticated_user_has_notifications?)
  end
  def sanitise_text(text)
    return if text.blank?
    text.gsub(/[^a-zA-Z0-9\s\-\_\'\&]/, "")
    text.html_safe
  end
 private
  def paginated_title(title, pagy)
--- a/app/helpers/title_helper.rb
+++ b/app/helpers/title_helper.rb
@ -4,11 +4,12 @@ module TitleHelper
  end
  def format_title(searched, page_title, current_user, item_label, count, organisation_name)
    sanitised_organisation_name = sanitise_text(organisation_name)
    if searched.present?
-      actual_title = support_sab_nav?(current_user, organisation_name) ? organisation_name : page_title
+      actual_title = support_sab_nav?(current_user, organisation_name) ? sanitised_organisation_name : page_title
-      "#{actual_title} (#{count} #{item_label} matching ‘#{searched}’)"
+      "#{actual_title} (#{count} #{item_label} matching ‘#{searched}’)".html_safe
    else
-      support_sab_nav?(current_user, organisation_name) ? "#{organisation_name} (#{page_title})" : page_title
+      support_sab_nav?(current_user, organisation_name) ? "#{sanitised_organisation_name} (#{page_title})".html_safe : page_title.html_safe
    end
  end