Permalink
Browse files

Merge pull request #103 from seppo0010/xss-injection

Fix XSS injection
  • Loading branch information...
2 parents bb45013 + 4924709 commit 89cde3acc13febff538ee225b66f6f2900e9dea6 @antirez committed Nov 4, 2011
Showing with 1 addition and 1 deletion.
  1. +1 −1 app.rb
View
2 app.rb
@@ -828,7 +828,7 @@ def application_header
rnavbar = H.nav(:id => "account") {
if $user
H.a(:href => "/user/"+H.urlencode($user['username'])) {
- $user['username']+" (#{$user['karma']})"
+ H.entities $user['username']+" (#{$user['karma']})"
}+" | "+
H.a(:href =>
"/logout?apisecret=#{$user['apisecret']}") {

0 comments on commit 89cde3a

Please sign in to comment.