PUI "request" button displays note HTML

Description

On sites with the PUI "Request" button, a note with HTML, especially an HREF tag, the button ends up choking on that because the HTML isn't sanitized.

e.g.

add a note like:
"Click <a href="http://google.com">Here</a> to learn about something"
and the button ends up like:
<input type="hidden" name="restrict" value="Click <a href="http://google.com">Here</a> to learn about something""&gt;

So that input is trying to show the HTML and that breaks things.

Appears to happen here:
https://github.com/archivesspace/archivesspace/blob/master/public/app/views/shared/_request_hiddens.html.erb

Environment

None

Assignee

Unassigned

Reporter

Blake Carver

Labels

Priority

Major
Configure