From c9f93d6fd826500007f91010a1ffd0c991ec2c59 Mon Sep 17 00:00:00 2001
From: Tobias Eidelpes
Date: Wed, 27 May 2020 20:07:04 +0200
Subject: [PATCH] Do not parse HTML
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Might allow an attacker (in this case someone creating a course in TISS) to do some nasty HTML injection. But eeeh, who cares? ¯\_(ツ)_/¯
---
 app/views/crawlers/projects_crawler/show_detail.html.erb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/views/crawlers/projects_crawler/show_detail.html.erb b/app/views/crawlers/projects_crawler/show_detail.html.erb
index f87a807..7321c2c 100644
--- a/app/views/crawlers/projects_crawler/show_detail.html.erb
+++ b/app/views/crawlers/projects_crawler/show_detail.html.erb
@@ -4,11 +4,11 @@ <%= button_to 'Add to favorites', action: :add_to_fav, id: @id, title: @project['titleDe'] %> <% if @project['abstractDe'] != nil %>

Beschreibung

-

<%= @project['abstractDe'] %>

+

<%= raw @project['abstractDe'] %>

<% else %> <% if @project['abstractEn'] != nil %>

Beschreibung

-

<%= @project['abstractEn'] %>

+

<%= raw @project['abstractEn'] %>

<% end %> <% end %> <% end %>
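Review bot: The new `<%= raw @project['abstractDe'] %>` line, and the matching `abstractEn` line further down the hunk, switch off Rails' automatic output escaping for text the crawler fetched from an external system, so any markup or script embedded in an abstract is now rendered verbatim in the page — the HTML-injection risk the commit message itself acknowledges. If the intent is to preserve the abstract's formatting, `sanitize` keeps a whitelist of harmless tags while stripping scripts and event-handler attributes: `<%= sanitize @project['abstractDe'] %>` and `<%= sanitize @project['abstractEn'] %>`; `simple_format` is the lighter alternative when only paragraph breaks matter. `raw` is only appropriate for markup the application itself generated, never for crawled content.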