@@ -12,7 +12,7 @@ module ApplicationHelper def flash_messages messages = [] %w(notice warning error).each do |msg| - messages << content_tag(:div, flash[msg.to_sym], :id => "flash-#{msg}") unless flash[msg.to_sym].blank? + messages << content_tag(:div, html_escape(flash[msg.to_sym]), :id => "flash-#{msg}") unless flash[msg.to_sym].blank? end messages end app/helpers/application_helper.rb b23b50865bc019da2cfca2372e4adf9628fb2580 Jim Neath jim@virtuaffinity.net http://github.com/fudgestudios/bort/commit/7c2121bee10961e5c118a6af354a371f7fa71600 7c2121bee10961e5c118a6af354a371f7fa71600 2008-11-08T01:21:47-08:00 2008-11-08T01:21:47-08:00 Fixed XSS vunerability in user login. See: http://bort.uservoice.com/pages/general/suggestions/65573 bbb94f7b6021965eb6310db5e8cb46d8337725c5 Jim Neath jim@virtuaffinity.net