
Fix XSS injection (reported on http://lamernews.com/news/439 )

1 parent bb45013 commit 49247093f6457d3a82741c3ac3457ecfc2dcf42a @seppo0010 seppo0010 committed
Showing with 1 addition and 1 deletion.
  1. +1 −1 app.rb
2 app.rb
@@ -828,7 +828,7 @@ def application_header
rnavbar = H.nav(:id => "account") {
if $user
H.a(:href => "/user/"+H.urlencode($user['username'])) {
- $user['username']+" (#{$user['karma']})"
+ H.entities $user['username']+" (#{$user['karma']})"
}+" | "+
H.a(:href =>
"/logout?apisecret=#{$user['apisecret']}") {
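
Review bot: on the added line, the paren-less call `H.entities $user['username']+" (#{$user['karma']})"` relies on Ruby taking the whole concatenation as the argument, which it does, but the intent is easy to misread as escaping only the username. Writing it as `H.entities($user['username']+" (#{$user['karma']})")` makes the escaped span explicit. The escape is also applied at this single call site, so the same username can still reach the page unescaped from any other block that renders it; a follow-up that escapes inside the `H.a` block helper, or an audit of the other places that output `$user['username']`, would close the class of bug rather than this one instance. In the unchanged context below, `$user['apisecret']` is interpolated into the `href` as is, while the username two lines above goes through `H.urlencode`; treating both the same way would be more consistent.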

0 comments on commit 4924709
