Using `sanitize`, we make sure the `href` attribute does not execute any dangerous code. The possibility of a banner pointing to a dangerous URL was already much reduced, though, since only administrators can edit this attribute.
```erb
<% banner ||= @banners.sample %>

<div class="banner" style="background-color:<%= banner.background_color %>;">
  <%= sanitize banner_target_link(banner), attributes: %w[href style] %>
</div>
```