Properly sanitize OneTrust id

634d574e · Axel García · bc54c517 · 634d574e
Commit 634d574e authored Oct 12, 2021 by Axel García
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

app/views/layouts/_one_trust.html.haml app/views/layouts/_one_trust.html.haml +4 -2

No files found.
--- a/app/views/layouts/_one_trust.html.haml
+++ b/app/views/layouts/_one_trust.html.haml
 - if one_trust_enabled?
+  - one_trust_id = sanitize(extra_config.one_trust_id, scrubber: Rails::Html::TextOnlyScrubber.new)
+
  <!-- OneTrust -->
-  = javascript_include_tag "https://cdn.cookielaw.org/consent/#{extra_config.one_trust_id}/OtAutoBlock.js"
+  = javascript_include_tag "https://cdn.cookielaw.org/consent/#{one_trust_id}/OtAutoBlock.js"
  = javascript_tag nonce: content_security_policy_nonce do
    :plain
      const oneTrustScript = document.createElement('script');
      oneTrustScript.src = 'https://cdn.cookielaw.org/scripttemplates/otSDKStub.js';
-      oneTrustScript.dataset.domainScript = '#{extra_config.one_trust_id}';
+      oneTrustScript.dataset.domainScript = '#{one_trust_id}';
      oneTrustScript.nonce = '#{content_security_policy_nonce}'
      oneTrustScript.charset = 'UTF-8';
      oneTrustScript.defer = true;