Merge pull request #266 from Nethemba/for_purists

escape title and tags in templates
commit 06fe63e5f02dc98c0573d497cad145538db97bf2 2 parents 9e58e35 + 9883c14
Philip Arndt authored August 17, 2012
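--- a/app/views/refinery/blog/posts/_nav.html.erb
+++ b/app/views/refinery/blog/posts/_nav.html.erb
@@ -1,6 +1,6 @@
 <nav id="next_prev_article">
   <% if @post.next.present? -%>
-    <%= link_to (truncate(@post.next.title) + " &#187;").html_safe, 
+    <%= link_to (h(truncate(@post.next.title)) + " &#187;").html_safe, 
                 refinery.blog_post_path(@post.next), 
                 :class => 'next' %>
   <% end -%>
@@ -10,7 +10,7 @@
               :class => 'home' %>
 
   <% if @post.prev.present? -%>
-    <%= link_to ("&#171; " + truncate(@post.prev.title)).html_safe, 
+    <%= link_to ("&#171; " + h(truncate(@post.prev.title))).html_safe, 
                 refinery.blog_post_path(@post.prev), 
                 :class => 'prev' %>
   <% end -%>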
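Review bot: Both links still call `.html_safe` on the whole concatenated string, so any value later added inside those parentheses would be trusted as markup without escaping. Marking only the literal entity safe keeps the escaping decision next to the data: `h(truncate(@post.next.title)) + " &#187;".html_safe` for the next link and `"&#171; ".html_safe + truncate(@post.prev.title)` for the prev link (new line 13), where SafeBuffer concatenation escapes the unsafe title on its own. A view spec that renders a post whose title contains `<` would keep this from regressing. The `:class => 'home'` link between the two hunks is only partly visible, so it could not be checked for the same pattern.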
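--- a/app/views/refinery/blog/posts/tagged.html.erb
+++ b/app/views/refinery/blog/posts/tagged.html.erb
@@ -1,6 +1,6 @@
 <% content_for :title, "#{t('.posts_tagged')} '#{@tag_name.titleize}'"  %>
 
-<% content_for :body_content_title, "#{t('.posts_tagged')} &#8220;#{@tag_name.titleize}&#8221;".html_safe -%>
+<% content_for :body_content_title, "#{t('.posts_tagged')} &#8220;#{h(@tag_name.titleize)}&#8221;".html_safe -%>
 
 <% content_for :body do %>
   <% if @posts.any? %>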
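Review bot: On new line 3, `t('.posts_tagged')` is still interpolated unescaped into a string that is then marked `.html_safe`, so the translation text is trusted as markup. That is probably acceptable for locale files shipped with the engine, but if translations can be edited at runtime it is worth escaping that piece too: `"#{h(t('.posts_tagged'))} &#8220;#{h(@tag_name.titleize)}&#8221;".html_safe`. Line 1 passes the same values to `content_for :title` without `.html_safe`, so it relies on `content_for` escaping unsafe strings when it stores them; a comment such as `<%# not html_safe: content_for escapes @tag_name here %>` would make that intent explicit. Where `@tag_name` is assigned is outside this diff, so a request spec with a tag name containing `<` would confirm that both titles render escaped.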
