escape html to keep the document valid regardless of weird string input

halorgium · Dec 16, 2009 · 6ea93bb · 6ea93bb
1 parent 15974b3
commit 6ea93bb
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 7 deletions.
diff --git a/Gemfile b/Gemfile
@@ -4,7 +4,6 @@ only :release do
 end
 
 only :development do
-  gem 'mg'
   gem 'yard'
   gem 'jeweler'
 end
@@ -14,4 +13,3 @@ only :test do
   gem 'nokogiri'
   gem 'test-unit', :require_as => 'test/unit'
 end
-
diff --git a/lib/toadhopper.rb b/lib/toadhopper.rb
@@ -5,7 +5,7 @@
 
 # Posts errors to the Hoptoad API
 class ToadHopper
-  VERSION = "0.9.1"
+  VERSION = "0.9.2"
 
   # Hoptoad API response
   class Response < Struct.new(:status, :body, :errors); end
@@ -15,7 +15,7 @@ class Response < Struct.new(:status, :body, :errors); end
   def initialize(api_key)
     @api_key = api_key
   end
-  
+
   # Sets patterns to +[FILTER]+ out sensitive data such as +/password/+, +/email/+ and +/credit_card_number/+
   def filters=(*filters)
     @filters = filters.flatten
@@ -94,14 +94,14 @@ def document_for(exception, options={})
       :project_root     => Dir.pwd
     }.merge(options)
 
-    Haml::Engine.new(notice_template).render(Object.new, defaults)
+    Haml::Engine.new(notice_template, :escape_html => true).render(Object.new, defaults)
   end
-  
+
   # @private
   def backtrace_line(line)
     Struct.new(:file, :number, :method).new(*line.match(%r{^([^:]+):(\d+)(?::in `([^']+)')?$}).captures)
   end
-  
+
   # @private
   def notice_template
     File.read(::File.join(::File.dirname(__FILE__), 'notice.haml'))