From e85656b84c182a909b986c8e488da626ffe59206 Mon Sep 17 00:00:00 2001
From: Sean Aery <sean.aery@duke.edu>
Date: Thu, 30 Jan 2025 10:46:03 -0500
Subject: [PATCH] Strip markup from html_safe selected facet values in the html
 title. (#3503)

- E.g., span/data-attributes rendered for selected range facet values by blacklight_range_limit
- Does not affect typical values that are not marked html_safe
- Fixes #2707
- Fixes https://github.com/projectblacklight/blacklight_range_limit/issues/189
---
 app/helpers/blacklight/catalog_helper_behavior.rb | 6 +++++-
 spec/helpers/catalog_helper_spec.rb               | 8 ++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/app/helpers/blacklight/catalog_helper_behavior.rb b/app/helpers/blacklight/catalog_helper_behavior.rb
index 034c3406fc..fbd1576ee7 100644
--- a/app/helpers/blacklight/catalog_helper_behavior.rb
+++ b/app/helpers/blacklight/catalog_helper_behavior.rb
@@ -142,7 +142,11 @@ def render_search_to_page_title_filter(facet, values)
     facet_config = facet_configuration_for_field(facet)
     filter_label = facet_field_label(facet_config.key)
     filter_value = if values.size < 3
-                     values.map { |value| facet_item_presenter(facet_config, value, facet).label }.to_sentence
+                     values.map do |value|
+                       label = facet_item_presenter(facet_config, value, facet).label
+                       label = strip_tags(label) if label.html_safe?
+                       label
+                     end.to_sentence
                    else
                      t('blacklight.search.page_title.many_constraint_values', values: values.size)
                    end
diff --git a/spec/helpers/catalog_helper_spec.rb b/spec/helpers/catalog_helper_spec.rb
index 0c2a265a35..b54758c249 100644
--- a/spec/helpers/catalog_helper_spec.rb
+++ b/spec/helpers/catalog_helper_spec.rb
@@ -261,6 +261,14 @@ def mock_response args
     it "renders a facet with more than two values" do
       expect(helper.render_search_to_page_title_filter('foo', %w[bar baz foobar])).to eq "Foo: 3 selected"
     end
+
+    it "strips tags from html_safe values" do
+      expect(helper.render_search_to_page_title_filter('Year', ['<span class="from" data-blrl-begin="1990">1990</span> to <span class="to" data-blrl-end="1999">1999</span>'.html_safe])).to eq "Year: 1990 to 1999"
+    end
+
+    it "does not strip tags from non-html_safe values" do
+      expect(helper.render_search_to_page_title_filter('Folder', ['Some > Nested > <span>Hierarchy</span>'])).to eq "Folder: Some > Nested > <span>Hierarchy</span>"
+    end
   end
 
   describe "#render_search_to_page_title" do