make sure to html_escape file to avoid XSS (bnc#771840)

1 parent 68bbd10 commit 90e905b7668a1cc884fb70040f96c7a0a287de48 Christoph Thiel committed Aug 23, 2012
Showing with 1 addition and 1 deletion.
  1. +1 −1 crowbar_framework/app/views/support/index.html.haml
@@ -14,7 +14,7 @@
%li
-if @file==file
%em#new= t('new')
- %a{:href=>"/export/#{file}"}
+ %a{:href=>"/export/#{Haml::Helpers.html_escape file}"}
= file
= link_to image_tag('/images/icons/delete.png'), utils_files_path(:id => file), :title=>t('.delete_hint')
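
Review bot: On the changed `%a{:href=>...}` line, `Haml::Helpers.html_escape` handles HTML metacharacters in the attribute value but does not URL-encode the filename, so a name containing `?`, `#`, `%` or a space still produces a link that does not resolve to that file under `/export/`. Consider percent-encoding the path segment as well, for example with `ERB::Util.url_encode`, before it goes into the href. The unchanged `= file` line directly below prints the same value as element text; please confirm the template's escaping setting covers it, or escape it explicitly in this change so both uses of `file` are handled together.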
