Merge branch 'fix-xss-vulnerabilities'
ezwelty committed Mar 7, 2022
2 parents d02c2e0 + e4b63bc commit 15adb8e
Showing 6 changed files with 8 additions and 8 deletions.
2 changes: 1 addition & 1 deletion app/views/changes/index.html.erb
Expand Up @@ -27,7 +27,7 @@ last_days_ago = nil
last_days_ago = c["days_ago"]
end
%>
<%= raw header %>
<%= header.html_safe %>
<% unless c["location_id"].nil? %>
<%= link_to location_path(c["location_id"]) do %>
<span><%= types.nil? ? translate("glossary.unknown") : types %></span>
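Review bot: `header.html_safe` on the new line is equivalent to `raw header` — both mark the string as already-safe without escaping anything — so this hunk does not change what reaches the browser. Whether it fixes anything depends on how `header` is assembled above the hunk, which is outside the view here; if any part of it comes from the database or the request, escape those parts where they are interpolated (build it with `content_tag`/`safe_join`, or run `ERB::Util.html_escape` on each untrusted fragment) and only then mark the whole as safe. If `header` is built purely from translations and literal markup, a comment such as `<%# header holds literal markup/translations only; keep user data out of it %>` would record why `html_safe` is acceptable here. The `last_days_ago` logic this sits in starts outside the hunk.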
4 changes: 2 additions & 2 deletions app/views/imports/show.html.erb
Expand Up @@ -26,12 +26,12 @@
<span style="font-size:100%;">
<!-- Comments -->
<% unless @import.comments.blank? %>
<%= raw @import.comments.gsub("\n","<br>") %><br /><br />
<%= ERB::Util.html_escape(@import.comments).gsub("\n", "<br/>").html_safe %><br /><br />
<% end %>

<!-- License -->
<% unless @import.license.blank? %>
<%= raw @import.license.gsub("\n","<br>") %>
<%= ERB::Util.html_escape(@import.license).gsub("\n", "<br/>").html_safe %>
<% else %>
<i><%= translate("pages.datasets.no_license").html_safe %></i>
<% end %>
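Review bot: The escape-then-`<br/>`-then-`html_safe` chain is correct, but it is now repeated four times (both lines here and the two in app/views/pages/datasets.html.erb); moving it into a view helper such as `def multiline_text(text)` / `ERB::Util.html_escape(text).gsub("\n", "<br/>").html_safe` / `end` keeps the escaping in one reviewed place so a later edit cannot reintroduce `raw` in a single copy. The order matters: `html_escape` returns a SafeBuffer, `gsub` on it hands back a plain String, and the trailing `html_safe` is what re-marks the result, so the helper should keep that sequence. Rails' `simple_format` would also escape by default but wraps the text in `<p>` tags, so it changes layout — presumably why it was not used. If the comments arrive from a form with `\r\n` line endings, a stray `\r` is left before each `<br/>`; `gsub(/\r?\n/, "<br/>")` handles both.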
2 changes: 1 addition & 1 deletion app/views/layouts/application.html.erb
Expand Up @@ -74,7 +74,7 @@
<% end %>
<script type="text/javascript">
host = "<%= host %>";
cats = <%= raw @categories %>;
cats = <%= @categories.map{|c| ERB::Util.html_escape(c)}.to_json.html_safe %>;
// load I18n
I18n.defaultLocale = "<%= I18n.default_locale %>";
I18n.locale = "<%= I18n.locale %>";
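Review bot: HTML-escaping each category before `to_json` applies the wrong escaping for a `<script>` context: the values reach JavaScript with `&amp;`, `&lt;` and friends literally in them, so a category like `Nuts & Seeds` renders as `Nuts &amp; Seeds` wherever the page inserts `cats` as text, while the actual script-breakout concern (a `</script>` or U+2028 inside a value) is a JSON-escaping matter, not an HTML one. The idiomatic Rails form is `cats = <%= json_escape(@categories.to_json).html_safe %>;`, which keeps the data intact and encodes `<`, `>`, `&` and the line separators as `\uXXXX` inside the JSON string; escaping for HTML then belongs at the point where the JS writes `cats` into the DOM. The same concern applies, hedged, to the `host = "<%= host %>";` context line: a value inside JS string quotes should go through `j`/`escape_javascript` rather than HTML escaping. This assumes `@categories` is an array of strings, which the `.map` suggests but the hunk does not show.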
4 changes: 2 additions & 2 deletions app/views/pages/datasets.html.erb
Expand Up @@ -42,11 +42,11 @@ Import.order("id").reverse.each do |import|
<td style="display:none;">
<!-- Comments -->
<% unless import.comments.blank? %>
<%= raw import.comments.gsub("\n","<br/>") %><br /><br />
<%= ERB::Util.html_escape(import.comments).gsub("\n", "<br/>").html_safe %><br /><br />
<% end %>
<!-- License -->
<% unless import.license.blank? %>
<%= raw import.license.gsub("\n","<br/>") %>
<%= ERB::Util.html_escape(import.license).gsub("\n", "<br/>").html_safe %>
<% else %>
<i><%= translate("pages.datasets.no_license").html_safe %></i>
<% end %>
2 changes: 1 addition & 1 deletion app/views/types/grow.html.erb
Expand Up @@ -17,7 +17,7 @@
<td style="text-align:right"><%= type.id %></td>
<td>
<% unless type.wikipedia_url.blank? %>
<a href="<%= raw type.wikipedia_url %>" target="_blank"><%= h type.en_name %></a>
<a href="<%= type.wikipedia_url %>" target="_blank"><%= h type.en_name %></a>
<% else %>
<%= type.en_name %>
<% end %>
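Review bot: Dropping `raw` makes ERB attribute-escape `type.wikipedia_url`, which stops the value from closing the `href` attribute, but escaping does not constrain the URL scheme: a stored `javascript:` URL is still followed on click, and the same applies to the `W` link in app/views/types/index.html.erb. The model is outside this diff, so hedged: a format validation restricting `wikipedia_url` to `https://` (or a scheme check in the view before emitting the anchor) closes that. `target="_blank"` without `rel="noopener"` also gives the opened page a `window.opener` handle; `link_to type.en_name, type.wikipedia_url, target: "_blank", rel: "noopener"` covers both escaping and that in one helper call. As a style point, the `h` on `type.en_name` in the changed line is redundant under ERB auto-escaping and inconsistent with the bare `<%= type.en_name %>` in the else branch.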
2 changes: 1 addition & 1 deletion app/views/types/index.html.erb
Expand Up @@ -34,7 +34,7 @@
<td><%= mask_to_array(type.category_mask,Type::Categories).join(", ") %></td>
<td style="text-align:center;">
<% unless type.wikipedia_url.blank? %>
<a href="<%= raw type.wikipedia_url %>" target="_blank">W</a>
<a href="<%= type.wikipedia_url %>" target="_blank">W</a>
<% end %>
</td>
<td><%= link_to 'Edit', edit_type_path(type) %></td>
