From 7290309b832a70d0a1a40077d3307b86bd47dbd6 Mon Sep 17 00:00:00 2001
From: Nils Rauch
Date: Fri, 27 Oct 2023 12:14:36 +0200
Subject: [PATCH] Make educations columns html safe after sanitizing qualification kind label
---
 app/helpers/group_educations_helper.rb | 8 +++++---
 spec/helpers/group_educations_helper_spec.rb | 1 +
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/app/helpers/group_educations_helper.rb b/app/helpers/group_educations_helper.rb
index 326ce71d..0bc6ebc8 100644
--- a/app/helpers/group_educations_helper.rb
+++ b/app/helpers/group_educations_helper.rb
@@ -14,10 +14,11 @@ def joined_qualification_kind_labels(person)
 reverse.
 uniq(&:qualification_kind).
 collect do |q|
- label = "#{q.qualification_kind.label} #{format_attr(q, :finish_at)}".strip
+ label = "#{h(q.qualification_kind.label)} #{format_attr(q, :finish_at)}".strip
 content_tag(:span, label, class: qualification_label_class(q))
 end.
- join('
')
+ join('
').
+ html_safe
 end

 def joined_event_participations(person)
@@ -30,7 +31,8 @@ def joined_event_participations(person)
 collect do |p|
 format_open_participation_event(p)
 end.
- join(', ')
+ join(', ').
+ html_safe
 end

 def format_open_participation_event(participation)
diff --git a/spec/helpers/group_educations_helper_spec.rb b/spec/helpers/group_educations_helper_spec.rb
index d8cbe8fd..e9004161 100644
--- a/spec/helpers/group_educations_helper_spec.rb
+++ b/spec/helpers/group_educations_helper_spec.rb
@@ -14,6 +14,7 @@
 include LayoutHelper
 include UtilityHelper
 include QualificationsHelper
+ include ERB::Util

 subject { joined_qualification_kind_labels(user) }
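Review bot: The `h(...)` added around `q.qualification_kind.label` most likely double-escapes, because the interpolated `label` is a plain String (interpolation yields a String, not a SafeBuffer) that `content_tag(:span, label, ...)` on the next line escapes again if this is ActionView's `content_tag`; a label containing `&` would come out as `&amp;amp;`. A spec fixture whose label contains `&` or `<` would show which single escape is wanted. The separator join (a `<br />`, rendered here as a line break) is better written as `safe_join(spans, tag(:br))` than `join(...).html_safe`, so escaping stays per element and the joined string is never blanket-trusted; the same idiom applies to the `', '` join in the second hunk. joined_qualification_kind_labels starts before the hunk.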
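Review bot: `.html_safe` after `join(', ')` trusts every string returned by `format_open_participation_event`, whose definition begins on the hunk's last line and is not visible here; any participation or event field it interpolates without escaping would now render as raw HTML in the column. `safe_join` keeps the protection per element, escaping only parts that are not already html_safe, so the three lines `end.` / `join(', ').` / `html_safe` can become `end.then { |parts| safe_join(parts, ', ') }`. joined_event_participations starts before the hunk.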