
Security Fix again, thanks to Yasin Soliman

PierreRambaud committed Nov 14, 2017
1 parent 52b9d60 commit 9659f9b7ce15a723da8e361bd41b9203b19c97de
Showing with 13 additions and 2 deletions.
  1. +1 −1 Gemfile.lock
  2. +11 −0 lib/gemirro/server.rb
  3. +1 −1 views/gem.erb
@@ -1,7 +1,7 @@
PATH
remote: .
specs:
gemirro (0.14.0)
gemirro (0.15.0)
builder (~> 3.2)
confstruct (~> 1.0)
erubis (~> 2.7)
@@ -1,5 +1,6 @@
require 'sinatra/base'
require 'thin'
require 'uri'

module Gemirro
##
@@ -271,6 +272,16 @@ def spec_for(gemname, version, platform = 'ruby')
def escape(string)
Rack::Utils.escape_html(string)
end

##
# Homepage link
#
# @param [Gem] spec
# @return [String]
#
def homepage(spec)
URI.parse(URI.escape(spec.homepage))
end
end
end
end
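Review bot: the added `homepage` helper has no scheme check, so any URI that survives `URI.parse` is returned and becomes a link target in views/gem.erb. Suggest comparing the parsed `scheme` against `http` and `https` and returning an empty value otherwise, rescuing `URI::InvalidURIError`, and guarding against a nil `spec.homepage`, which `URI.escape` does not accept. The doc comment says `@return [String]` but the method returns a `URI` object, so either call `.to_s` or correct the annotation. `URI.escape` is marked obsolete in Ruby and was removed in 3.0, so it is worth replacing while this code is being touched.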
@@ -31,7 +31,7 @@
<ul class="list-group">
<% spec.authors.each do |author| %>
<li class="list-group-item">
<a href="<%= escape(spec.homepage) %>"><%= escape(author) %></a>
<a href="<%= homepage(spec) %>"><%= escape(author) %></a>
</li>
<% end %>
</ul>
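Review bot: the `href` on the changed line no longer passes through `escape()`, so the value reaches the attribute without HTML escaping and depends entirely on `URI.escape` having encoded every character that matters in an attribute context. Suggest `<a href="<%= escape(homepage(spec).to_s) %>">` so that URL validation and output encoding stay separate layers. If the helper is changed to return nothing for a rejected homepage, the template should also skip the `<a>` wrapper and print only `escape(author)` in that case.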
