ankane
commented
2 years ago Hey @dorianmariefr, thanks for the PR! Let's escape the nonce with ERB::Util.html_escape to prevent injection.
Closed dorianmariecom closed 2 years ago
ankane
commented
2 years ago Hey @dorianmariefr, thanks for the PR! Let's escape the nonce with ERB::Util.html_escape to prevent injection.
dorianmariecom
commented
2 years ago @ankane thanks, good idea, done
ankane
commented
2 years ago Great, thanks @dorianmariefr!
ankane
commented
2 years ago Also added a vega_chart helper that'll add it automatically when Rails is configured to add it. 9c7b47b13ac2c13734b75d275d062129381f1f99
dorianmariecom
commented
2 years ago nice, thanks
@ankane any chance this can get merged?