Fixed Liquid provider to sanitize HTML content

Ensures rendering of Liquid templates are sanitized before final output is generated. This also improves consistency across the application (especially when rendering screens for devices (which has had this capability for a while).

Milestone: patch

Author: bkuhlmann

config/providers/liquid.rb

@@ -7,7 +7,7 @@
     default = TRMNL::Liquid.new { |environment| environment.error_mode = :strict }
 
     renderer = lambda do |template, data, environment: default|
-      Liquid::Template.parse(template, environment:).render data
+      slice["aspects.sanitizer"].call Liquid::Template.parse(template, environment:).render(data)
     end
 
     register :default, renderer

spec/app/aspects/extensions/renderers/image_spec.rb

@@ -20,7 +20,9 @@
     it "renders template with single URI" do
       expect(renderer.call(extension, context:)).to be_success(
         Terminus::Aspects::Extensions::Capsule[
-          content: %(<img src="https://test.io/test.png" alt="Image">)
+          content: <<~CONTENT.strip
+            <html><head></head><body><img src="https://test.io/test.png" alt="Image"></body></html>
+          CONTENT
         ]
       )
     end
@@ -35,9 +37,10 @@
 
       expect(renderer.call(extension, context:)).to be_success(
         Terminus::Aspects::Extensions::Capsule[
-          content: <<~CONTENT
-            <img src="https://test.io/one.png" alt="Image">
+          content: <<~CONTENT.strip
+            <html><head></head><body><img src="https://test.io/one.png" alt="Image">
             <img src="https://test.io/two.png" alt="Image">
+            </body></html>
           CONTENT
         ]
       )

spec/app/aspects/extensions/renderers/poll_spec.rb

@@ -42,7 +42,13 @@
 
       expect(renderer.call(extension, context:)).to be_success(
         Terminus::Aspects::Extensions::Capsule[
-          content: %(<h1>Test Label</h1>\n\n  <p>Test: A test.</p>\n\n)
+          content: <<~CONTENT.strip
+            <html><head></head><body><h1>Test Label</h1>
+
+              <p>Test: A test.</p>
+
+            </body></html>
+          CONTENT
         ]
       )
     end
@@ -67,11 +73,12 @@
       end
 
       it "answers render template and captures errors" do
-        html = <<~CONTENT
-          <h1>Test Label</h1>
+        html = <<~CONTENT.strip
+          <html><head></head><body><h1>Test Label</h1>
           <p>Test</p>
 
           <p>Test</p>
+          </body></html>
         CONTENT
 
         expect(renderer.call(extension, context:)).to be_failure(

spec/app/aspects/extensions/renderers/static_spec.rb

@@ -30,7 +30,15 @@
 
       expect(renderer.call(extension, context:)).to be_success(
         Terminus::Aspects::Extensions::Capsule[
-          content: %(<h1>Days</h1>\n\n  <p>One</p>\n\n  <p>Two</p>\n\n)
+          content: <<~CONTENT.strip
+            <html><head></head><body><h1>Days</h1>
+
+              <p>One</p>
+
+              <p>Two</p>
+
+            </body></html>
+          CONTENT
         ]
       )
     end