From 15dfd9ce2ea88ad8817b010ea7e1f8a066ddd134 Mon Sep 17 00:00:00 2001
From: Nils Rauch
Date: Fri, 27 Oct 2023 12:14:36 +0200
Subject: [PATCH] Make educations columns html safe after sanitizing qualification kind label
---
 app/helpers/group_educations_helper.rb | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/app/helpers/group_educations_helper.rb b/app/helpers/group_educations_helper.rb
index 326ce71d..0bc6ebc8 100644
--- a/app/helpers/group_educations_helper.rb
+++ b/app/helpers/group_educations_helper.rb
@@ -14,10 +14,11 @@ def joined_qualification_kind_labels(person)
 reverse.
 uniq(&:qualification_kind).
 collect do |q|
- label = "#{q.qualification_kind.label} #{format_attr(q, :finish_at)}".strip
+ label = "#{h(q.qualification_kind.label)} #{format_attr(q, :finish_at)}".strip
 content_tag(:span, label, class: qualification_label_class(q))
 end.
- join('
')
+ join('
').
+ html_safe
 end
 def joined_event_participations(person)
@@ -30,7 +31,8 @@ def joined_event_participations(person)
 collect do |p|
 format_open_participation_event(p)
 end.
- join(', ')
+ join(', ').
+ html_safe
 end
 def format_open_participation_event(participation)
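Review bot: The `h(...)` added around `q.qualification_kind.label` looks like it escapes the label twice. The interpolated `label` is a plain String rather than a SafeBuffer, so `content_tag(:span, label, ...)` escapes it again by default and a label containing `&` would render as `&amp;amp;`. Because `content_tag` already escapes unsafe content, the line can stay as `label = "#{q.qualification_kind.label} #{format_attr(q, :finish_at)}".strip`, with only the joined result marked safe. For the join itself, `safe_join` with just the literal separator marked `html_safe` would avoid blanket-trusting the whole string if a non-`content_tag` element is ever added to the list. The body of `joined_qualification_kind_labels` starts above this hunk, so the source of the collection is not visible here.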
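Review bot: `join(', ').html_safe` in `joined_event_participations` marks whatever `format_open_participation_event` returns as trusted markup, and that method's body is outside this hunk. If any branch there returns a plain string built from an event name or other stored text, this line would emit it unescaped. Passing the collected array to `safe_join(..., ', ')` instead keeps already-safe fragments intact and escapes the rest, so the result does not rely on every element being pre-escaped. Failing that, a comment on `format_open_participation_event` such as `# Must return an html_safe string; callers join and mark the result safe.` would record the contract. The enclosing method also begins above the hunk.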