From e396a7b19c42b3c5cf7b9d36b2b80521555e109f Mon Sep 17 00:00:00 2001
From: Manny Dinssa <44172848+Dinssa@users.noreply.github.com>
Date: Tue, 17 Sep 2024 10:52:56 +0100
Subject: [PATCH] Sanitise all titles
---
 app/helpers/application_helper.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index b330003a9..45fde9efc 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -2,6 +2,7 @@ module ApplicationHelper
 include Pagy::Frontend
 def browser_title(title, pagy, *resources)
+ title = sanitise_characters(title)
 if resources.any? { |r| r.present? && r.errors.present? }
 "Error: #{[title, t('service_name'), 'GOV.UK'].select(&:present?).join(' - ')}"
 else
@@ -34,7 +35,8 @@ module ApplicationHelper
 def sanitise_characters(string)
 return string unless string
- string.gsub(/[^a-zA-Z0-9\s\-_'&]/, "").tr("'", "’").tr("&", "&")
+ CGI.unescapeHTML(string)
+ # string.gsub(/[^a-zA-Z0-9\s\-_'&]/, "").tr("'", "’").tr("&", "&")
 end
 private
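Review bot: The added `title = sanitise_characters(title)` in browser_title entity-decodes the title instead of filtering it, because the second hunk of this patch changes sanitise_characters to `CGI.unescapeHTML(string)`. A title stored as `&lt;b&gt;` therefore reaches the page title as literal markup characters. The visible branch returns a plain interpolated String, so it stays safe only while the layout prints browser_title through normal ERB escaping. The layout is not shown here, so it is worth confirming that no `raw` or `html_safe` is applied to it. A helper or view spec asserting that a title containing `&lt;` is rendered escaped would pin this. browser_title's else branch continues outside the hunk.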
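Review bot: sanitise_characters no longer sanitises anything: the allow-list `gsub` is left behind as a commented-out line and the body only decodes entities, so the method name and the commit title promise filtering that the code does not perform. Any other caller that relied on the old stripping (none are visible in this patch) silently loses it. I would delete the dead comment and document the new contract above the method, for example `# Decodes HTML entities only; the result is untrusted text and must be escaped when rendered.`. If renaming is acceptable, a name that reflects decoding would stop future callers from treating the return value as safe.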