From 389f1d528e4b37a19e10f595b2f042b3f7a03b9f Mon Sep 17 00:00:00 2001
From: Arnaud Levy <contact@arnaudlevy.com>
Date: Wed, 6 Jul 2022 17:54:12 +0200
Subject: [PATCH] code  embed

---
 app/models/communication/block/component/code.rb            | 6 +-----
 .../communication/blocks/templates/embed/_edit.html.erb     | 5 +++++
 config/locales/communication/en.yml                         | 1 +
 config/locales/communication/fr.yml                         | 1 +
 4 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/app/models/communication/block/component/code.rb b/app/models/communication/block/component/code.rb
index 6103aa8e6..9e7833203 100644
--- a/app/models/communication/block/component/code.rb
+++ b/app/models/communication/block/component/code.rb
@@ -1,8 +1,4 @@
 class Communication::Block::Component::Code < Communication::Block::Component::Base
 
-    def data=(value)
-      @data = Osuny::Sanitizer.sanitize value, 'text'
-    end
-  
-  end
+end
   
\ No newline at end of file
diff --git a/app/views/admin/communication/blocks/templates/embed/_edit.html.erb b/app/views/admin/communication/blocks/templates/embed/_edit.html.erb
index 5a93367a4..a80ac1993 100644
--- a/app/views/admin/communication/blocks/templates/embed/_edit.html.erb
+++ b/app/views/admin/communication/blocks/templates/embed/_edit.html.erb
@@ -1,3 +1,8 @@
+<div class="row">
+  <div class="col-md-6">
+    <p class="text-danger lead"><%= t '.warning' %></p>
+  </div>
+</div>
 <div class="row">
   <div class="col-md-6">
     <%= block_component_edit :code %>
diff --git a/config/locales/communication/en.yml b/config/locales/communication/en.yml
index 9e5ff82da..b5e6644ce 100644
--- a/config/locales/communication/en.yml
+++ b/config/locales/communication/en.yml
@@ -218,6 +218,7 @@ en:
               iframe_title:
                 label: Iframe title (mandatory for accessibility)
                 placeholder: Enter the title
+              warning: Beware, the code below is used as is, without any security filtering. Be extremely careful and never integrate possibly unreliable code.
           files:
             description: A list of downloadable files, mentioning their file size.
             edit:
diff --git a/config/locales/communication/fr.yml b/config/locales/communication/fr.yml
index e7d418ad4..336003335 100644
--- a/config/locales/communication/fr.yml
+++ b/config/locales/communication/fr.yml
@@ -218,6 +218,7 @@ fr:
               iframe_title:
                 label: Titre de l'iframe (nécessaire pour l'accessibilité)
                 placeholder: Entrer le titre
+              warning: Attention, le code ci-dessous est intégré tel quel, sans filtrage de sécurité. N'intégrez jamais de code externe dont la fiabilité n'est pas certaine.
           files:
             description: Une liste de fichiers téléchargeables, présentés avec leur poids.
             edit:
-- 
GitLab