From 9751d5a5a14ff9d79d645aa4ef2edb08b88a8119 Mon Sep 17 00:00:00 2001
From: Sebastian Serth
Date: Thu, 29 Jul 2021 00:12:18 +0200
Subject: [PATCH] Update render_markdown to work without html_safe

---
 app/helpers/application_helper.rb | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index d02f1b8d..cbfa22c8 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -42,9 +42,7 @@ module ApplicationHelper
   end
 
   def render_markdown(markdown)
-    # rubocop:disable Rails/OutputSafety
-    Kramdown::Document.new(markdown).to_html.html_safe
-    # rubocop:enable Rails/OutputSafety
+    sanitize Kramdown::Document.new(markdown).to_html
   end
 
   def row(options = {}, &block)
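Review bot: The new `sanitize` call in `render_markdown` relies on whatever the application's default Rails allowlist is, and nothing in this hunk pins or documents that list. The stock allowlist, as far as I recall, has no table elements and no `id` attribute, so Kramdown tables and generated header anchors would likely be stripped from existing content; if those are needed, pass an explicit list such as `sanitize(html, tags: <allowed tags>, attributes: <allowed attributes>)` (placeholders, to be filled from what the views actually render). I would also add a comment above the call, `# sanitize drops markup outside the allowlist and returns an html_safe string; do not call html_safe on the result.`, so the removed rubocop exemption is not reintroduced later. The commit adds no helper spec; one asserting that a `<script>` element and a `javascript:` link in the markdown input do not survive rendering would keep this behaviour from regressing.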