Use HTML sanatizer to harden HTML rendering on log_details page

Should be more safe than use |raw directly and for these smalls things performance hit is zero.
2026-06-19 09:01:33 +00:00 · 2026-06-10 23:43:07 +02:00 · 2026-06-10 23:43:07 +02:00 · 8421636b1c
commit 8421636b1c
parent b357ee196c
4 changed files with 80 additions and 5 deletions
--- a/templates/log_system/details/log_details.html.twig
+++ b/templates/log_system/details/log_details.html.twig
@ -58,7 +58,7 @@
        </tr>
        <tr>
            <td>{% trans %}log.target{% endtrans %}</td>
-            <td>{{ target_html|raw }}</td>
+            <td>{{ target_html|sanitize_html }}</td>
        </tr>
    </table>

@ -111,7 +111,7 @@
        {%  elseif log_entry is instanceof('App\\Entity\\LogSystem\\CollectionElementDeleted') %}
                {% include "log_system/details/_extra_collection_element_deleted.html.twig" %}
        {% else %}
-            {{ extra_html | raw }}
+            {{ extra_html | sanitize_html }}
        {% endif %}
    </div>
-{% endblock %}
+{% endblock %}