Commit
Haml's HTML escaping option was not on, leaving the site open for XSS attacks. This would seem to fix it.
22edec5
Hmm, I was under the impression rails_xss applied 100% to Haml as well in Rails 3.