diff --git a/app/models/communication/block/component/rich_text.rb b/app/models/communication/block/component/rich_text.rb
index d25c9bbe1b93f4d06511e4a334cdfe20f6885a43..5726cc4543f9444c339a45b2688e96aeb3c818aa 100644
--- a/app/models/communication/block/component/rich_text.rb
+++ b/app/models/communication/block/component/rich_text.rb
@@ -1,7 +1,14 @@
 class Communication::Block::Component::RichText < Communication::Block::Component::Base
 def data=(value)
- @data = SummernoteCleaner.clean value.to_s
+ @data = clean(value)
 end
+ protected
+
+ def clean(value)
+ value = SummernoteCleaner.clean value.to_s
+ value = ActionView::Base.full_sanitizer.sanitize value
+ value
+ end
 end
diff --git a/app/services/wordpress.rb b/app/services/wordpress.rb
index d849a2745945ba097e7ae5a58dcfe4d43dc3e1c8..c2089b18223441c45a5f136992b3d67665b66264 100644
--- a/app/services/wordpress.rb
+++ b/app/services/wordpress.rb
@@ -1,7 +1,6 @@ class Wordpress attr_reader :url - def self.clean_string(string) string = string.gsub(' ', ' ') string = string.gsub('&', '&')
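Review bot: In the new `clean` method of rich_text.rb, `ActionView::Base.full_sanitizer.sanitize value` strips every HTML tag, so any markup that `SummernoteCleaner.clean` kept on the line before is discarded and this rich-text component ends up holding plain text. If the aim is to block script-bearing markup while keeping formatting, an allow-list fits better, e.g. `ActionView::Base.safe_list_sanitizer.sanitize(value, tags: ALLOWED_TAGS, attributes: ALLOWED_ATTRIBUTES)`, where both constants are placeholders to be defined for this component. If plain text is the intent, a comment above the call such as `# Strip all tags: this component stores plain text only` would record that decision. The cleaning runs only in the `data=` setter, so values stored before this commit are presumably not re-cleaned, and the rendering side should not treat `data` as trusted HTML. `clean` is called only on `self` in this hunk, so `private` would be tighter than `protected`.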