From 8e8c009d2cfa1b631c41f212228e695a8b594764 Mon Sep 17 00:00:00 2001
From: taitus
Date: Tue, 21 Sep 2021 12:13:36 +0200
Subject: [PATCH] Add sanitize to description on moderator activity

Currently html tags were being displayed in the description. We used the sanitize method to not display them.
---
 app/views/admin/activity/show.html.erb | 2 +-
 spec/system/admin/activity_spec.rb | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/app/views/admin/activity/show.html.erb b/app/views/admin/activity/show.html.erb
index 01d2623e7..878f69e3a 100644
--- a/app/views/admin/activity/show.html.erb
+++ b/app/views/admin/activity/show.html.erb
@@ -42,7 +42,7 @@
 <% else %>
 <%= activity.actionable.title %>
- <%= activity.actionable.description %>
+ <%= sanitize(activity.actionable.description) %>
 <% end %>
 <%= activity.user.name %> (<%= activity.user.email %>)
diff --git a/spec/system/admin/activity_spec.rb b/spec/system/admin/activity_spec.rb
index 7ee48afe0..42beefa16 100644
--- a/spec/system/admin/activity_spec.rb
+++ b/spec/system/admin/activity_spec.rb
@@ -9,7 +9,7 @@ describe "Admin activity" do
 context "Proposals" do
 scenario "Shows moderation activity on proposals" do
- proposal = create(:proposal)
+ proposal = create(:proposal, description: "
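Review bot: The added `sanitize(activity.actionable.description)` call passes no `tags:` or `attributes:` options, so it falls back to Rails' default allowlist, which still lets through elements such as `a` and `img`. The old line printed the description HTML-escaped; the new one renders user-written markup inside an admin-only page, so an embedded image would be fetched by the administrator's browser whenever the activity log is opened. I would pin the allowlist to the formatting the description editor actually produces, for example `<%= sanitize(activity.actionable.description, tags: %w[p br strong em ul ol li], attributes: []) %>` (list constructed here, adjust to the editor), or reuse whatever sanitizer the public page applies to this field, if there is one. The surrounding `if`/`else` block begins and ends outside this hunk, and the markup around these lines looks stripped on this page, so the other branches were not reviewed.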

Description with html tag

")
 visit proposal_path(proposal)
@@ -24,6 +24,7 @@ describe "Admin activity" do
 expect(page).to have_content(proposal.title)
 expect(page).to have_content("Hidden")
 expect(page).to have_content(admin.user.username)
+ expect(page).to have_css("p", exact_text: "Description with html tag")
 end
 end
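Review bot: The new `have_css("p", exact_text: "Description with html tag")` expectation covers only the benign case, a tag that should survive; nothing in the scenario checks that markup the sanitizer must drop is actually gone. Since the view now renders user HTML to administrators, I would give the description something that has to be removed, e.g. `description: "<p onclick=\"x()\">Description with html tag</p>"` (constructed sample), and add `expect(page).not_to have_css("p[onclick]")` next to the existing expectation. The description literal in the earlier spec hunk appears to have lost its tags on this page, so this assumes it was a single `<p>` element. The scenario body starts outside this hunk.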