From a662dcd13c0d4f55d8cc4421b3e627b913a43e55 Mon Sep 17 00:00:00 2001
From: Harry Gabriel
Date: Sat, 21 May 2016 19:14:39 +0200
Subject: [PATCH] remove HTML tags with sanitize
---
 Gemfile | 1 +
 lib/redmine_slack/listener.rb | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/Gemfile b/Gemfile
index 9fcac66..344cbea 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,3 +1,4 @@
 source 'https://rubygems.org'
 gem "httpclient"
+gem "sanitize"
diff --git a/lib/redmine_slack/listener.rb b/lib/redmine_slack/listener.rb
index 2e6c994..c9460a1 100644
--- a/lib/redmine_slack/listener.rb
+++ b/lib/redmine_slack/listener.rb
@@ -1,4 +1,5 @@
 require 'httpclient'
+require 'sanitize'
 class SlackListener < Redmine::Hook::Listener
 def controller_issues_new_after_save(context={})
@@ -163,6 +164,7 @@ def speak(msg, channel, attachment=nil, url=nil)
 private
 def escape(msg)
 msg.to_s.gsub("&", "&").gsub("<", "<").gsub(">", ">")
+ Sanitize.clean(msg)
 end
 def object_url(obj)
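Review bot: `gem "sanitize"` is added without a version constraint, so the release that gets installed is whatever Bundler resolves at install time. The listener calls `Sanitize.clean`, and as far as I recall that entry point was renamed to `Sanitize.fragment` in later major versions of the gem, so an unconstrained install may not provide the method this patch depends on. I would pin to the series the change was tested against, `gem "sanitize", "~> <TESTED_VERSION>"` (placeholder), which also keeps a library that sits on the output-sanitising path from changing silently.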
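Review bot: In `escape`, the result of the `gsub` chain is now discarded, because the added `Sanitize.clean(msg)` is the last expression and so becomes the return value; it is also called on the raw `msg` rather than `msg.to_s`, so a nil or non-String argument that the old line tolerated is passed straight to Sanitize. `escape` is the only step visible in this hunk that keeps issue text from being read as Slack markup, so it should be explicit which mechanism neutralises `&`, `<` and `>`, rather than leaving it as a side effect of how Sanitize serialises text. I would delete the dead line, write `Sanitize.clean(msg.to_s)` with a comment such as `# strips HTML tags; relies on Sanitize entity-encoding &, <, > in its output`, and add a test that a message containing those three characters reaches Slack encoded exactly once. Chaining the old substitutions after Sanitize would presumably double-encode, since Sanitize is expected to return entity-encoded text already.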