
Escape convo name in meta and title tags. Escape about_me info in user profile
1 parent 81b1077 commit aa71e64e4f75f82fc9a20b9443e8a9fb62308e2a @crossblaim crossblaim committed Sep 16, 2009
@@ -4,8 +4,8 @@
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <meta name="Description" content="invite your friends to: <%=@conversation.name-%> | EchoWaves (Social Group Chat)">
- <title>invite your friends to: <%=@conversation.name-%> | EchoWaves (Social Group Chat)</title>
+ <meta name="Description" content="invite your friends to: <%=h @conversation.name -%> | EchoWaves (Social Group Chat)">
+ <title>invite your friends to: <%=h @conversation.name -%> | EchoWaves (Social Group Chat)</title>
<link rel="shortcut icon" href="/favicon.ico" />
<link rel="stylesheet" href="/stylesheets/screen.css" type="text/css" media="screen, projection">
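Review bot: The escaped conversation name is now written out twice with identical text, once in the meta Description and once in the title, and the same head block recurs in the other layouts touched by this commit. Consider building the page title in one helper or a shared head partial that applies h once, so a later layout cannot reintroduce the unescaped form by copy and paste.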
@@ -4,8 +4,8 @@
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <meta name="Description" content="Opensource Social Group Chat written in Ruby On Rails, Conversation: <%= @conversation.name %>">
- <title><%=@conversation.name-%> | EchoWaves (Social Group Chat)</title>
+ <meta name="Description" content="Opensource Social Group Chat written in Ruby On Rails, Conversation: <%=h @conversation.name %>">
+ <title><%=h @conversation.name -%> | EchoWaves (Social Group Chat)</title>
<link rel="shortcut icon" href="/favicon.ico">
<link rel="stylesheet" href="/stylesheets/screen.css" type="text/css" media="screen, projection">
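Review bot: The meta Description line depends on the content attribute staying double-quoted, because h in Rails of this period encodes &, <, > and the double quote but not the single quote. Keep the attribute as content="..."; a later switch to single quotes would make the value breakable again even with h in place.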
@@ -4,8 +4,8 @@
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <meta name="Description" content="<%= @message.message[0..60] + '-' + (session[:locale] ? session[:locale] : '') %>" >
- <title><%= @message.message[0..60] -%> | message on EchoWaves (Social Group Chat) - <%= session[:locale]%></title>
+ <meta name="Description" content="<%=h @message.message[0..60] + '-' + (session[:locale] ? session[:locale] : '') %>" >
+ <title><%=h @message.message[0..60] -%> | message on EchoWaves (Social Group Chat) - <%= session[:locale]%></title>
<link rel="shortcut icon" href="/favicon.ico" />
<link rel="stylesheet" href="/stylesheets/screen.css" type="text/css" media="screen, projection">
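Review bot: The title line still emits session[:locale] through a plain <%= %>, while in the meta line it is covered only because it sits inside the concatenation passed to h. If the locale can be set from request input, escape it in the title too: <%=h session[:locale] %>. Slicing with [0..60] before calling h is the right order, since slicing after escaping could cut an entity in half.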
@@ -4,8 +4,8 @@
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <meta name="Description" content="<%= @user ? @user.name_and_nick : 'Users' -%> | EchoWaves (Social Group Chat) <%= @tag -%>" >
- <title><%= @user ? @user.name_and_nick : "Users" -%> | EchoWaves (Social Group Chat) <%= @tag -%></title>
+ <meta name="Description" content="<%=h @user ? @user.name_and_nick : 'Users' -%> | EchoWaves (Social Group Chat) <%= @tag -%>" >
+ <title><%=h @user ? @user.name_and_nick : "Users" -%> | EchoWaves (Social Group Chat) <%= @tag -%></title>
<link rel="shortcut icon" href="/favicon.ico" />
<link rel="stylesheet" href="/stylesheets/screen.css" type="text/css" media="screen, projection">
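Review bot: Both changed lines still output <%= @tag -%> without h, so if @tag carries user-supplied text the meta attribute and the title remain injectable; use <%=h @tag -%>. The ternary itself is escaped correctly, because the unparenthesised call takes the whole expression as its argument, but writing h(@user ? @user.name_and_nick : 'Users') makes that obvious to the next reader.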
@@ -11,7 +11,7 @@
</div>
<span class="username">
- <%=link_to h(@user.login), user_path(@user) %>
+ <%= link_to h(@user.login), user_path(@user) %>
<% if logged_in? && @user && @current_user == @user %>
<%= link_to t("ui.edit_profile"), edit_user_path(current_user) %>
<% end %>
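Review bot: The link_to line dereferences @user.login before the "@user &&" guard on the following line, so that guard is either redundant or one line too late; worth settling which while this line is being touched. The edit itself is whitespace only, since the login was already passed through h().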
@@ -35,10 +35,10 @@
<div class="notice">
<b>The information in this yellow box is private and only you can see it:</b><br/>
Your API key: <%= @user.single_access_token %><br/>
- Your email address: <%= @user.email %>
+ Your email address: <%=h @user.email %>
</div>
<% end %>
<% unless @user.about.blank? %>
- <div class="notice about"><%= @user.about %></div>
+ <div class="notice about"><%=h @user.about %></div>
<% end %>
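Review bot: The API key line directly above the changed email line still prints @user.single_access_token without h. If the token is always server-generated from a safe alphabet this is harmless, but escaping it keeps the whole notice block uniform. For the about field, the diff carries no view test asserting that a profile containing markup renders escaped; adding one would guard against a regression.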
