From b03a69e87ce419a382c3562f25da685b5d80a5e1 Mon Sep 17 00:00:00 2001
From: Karel Picman
Date: Tue, 23 Aug 2016 09:32:47 +0200
Subject: [PATCH] HTML tags in the document description breaks UI #566

---
 app/models/dmsf_file_revision.rb | 5 +++--
 app/views/dmsf/_file.html.erb | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/app/models/dmsf_file_revision.rb b/app/models/dmsf_file_revision.rb
index 310e4174..2b27bcef 100644
--- a/app/models/dmsf_file_revision.rb
+++ b/app/models/dmsf_file_revision.rb
@@ -22,6 +22,7 @@ require 'digest/md5'
 class DmsfFileRevision < ActiveRecord::Base
+ unloadable
 belongs_to :dmsf_file
 belongs_to :source_revision, :class_name => 'DmsfFileRevision', :foreign_key => 'source_dmsf_file_revision_id'
@@ -288,10 +289,10 @@ class DmsfFileRevision < ActiveRecord::Base
 text = ''
 text = self.description if self.description.present?
 if self.comment.present?
- text += ' ' if text.present?
+ text += ' / ' if text.present?
 text += self.comment
 end
- text.html_safe
+ ActionView::Base.full_sanitizer.sanitize(text)
 end
 end
\ No newline at end of file
diff --git a/app/views/dmsf/_file.html.erb b/app/views/dmsf/_file.html.erb
index 951b8e01..f111055b 100644
--- a/app/views/dmsf/_file.html.erb
+++ b/app/views/dmsf/_file.html.erb
@@ -33,7 +33,7 @@
 file_view_url,
 :target => '_blank',
 :class => "icon icon-file #{DmsfHelper.filetype_css(file.name)}",
- :title => file.last_revision.try(:tooltip),
+ :title => h(file.last_revision.try(:tooltip)),
 'data-downloadurl' => "#{file.last_revision.detect_content_type}:#{h(file.name)}:#{file_view_url}") %>
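Review bot: The second hunk changes the method's contract — it used to return an html_safe buffer and now returns a plain String with tags stripped — and that contract is what callers must rely on, so it should be stated on the method (its `def` line, presumably `def tooltip`, is above the hunk): `# Plain-text summary of description and comment for a title attribute. Tags are stripped, but the result is NOT html_safe and must still be escaped where it is rendered.` Stripping in the model is defence in depth; the escaping that actually closes the hole is dropping `.html_safe`, so the view-side escape must never be removed on the strength of this sanitize call. Depending on the rails-html-sanitizer version, `full_sanitizer.sanitize` may leave entity-encoded characters in the output, in which case escaping again in the view double-encodes `&`; worth checking with a description containing `&` or `<`. The `' '` to `' / '` separator change is a display tweak unrelated to the commit subject, as is the `unloadable` added in the first hunk.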
<%= h(link ? link.path : file.display_name) %>
<%= ''.html_safe if @tree_view %>
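Review bot: Wrapping the title in `h()` changes the nil case: `try(:tooltip)` yields nil when there is no last revision, `h(nil)` turns that into an empty string, and the tag helper then emits `title=""` where it previously omitted a nil attribute. The tag helper already escapes attribute values that are not html_safe, so once the model stops calling `.html_safe` the `h()` is belt-and-braces rather than the fix; `:title => file.last_revision.try(:tooltip).presence` would keep the attribute optional while still being escaped, or keep `h()` as explicit intent and accept the empty attribute. The enclosing helper call (presumably `link_to`) starts above the hunk.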