
HTML Safe bug fixed.

1 parent 8e4d10c commit 5cecf30068545776ad95d8942395761537bd40ea @huacnlee committed Sep 5, 2011
Showing with 7 additions and 7 deletions.
  1. +2 −2 app/helpers/asks_helper.rb
  2. +2 −2 app/helpers/topics_helper.rb
  3. +3 −3 app/helpers/users_helper.rb
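--- a/app/helpers/asks_helper.rb
+++ b/app/helpers/asks_helper.rb
@@ -7,7 +7,7 @@ def topics_name_tag(topics,limit = 20)
 topics = topics[0,limit]
 end
 for topic in topics
- html << "<a class=\"topic\" href=\"/topics/#{topic}\">#{topic}</a>"
+ html << "<a class=\"topic\" href=\"/topics/#{topic}\">#{h(topic)}</a>"
 end
 return raw html.join("")
 end
@@ -18,7 +18,7 @@ def ask_title_tag(ask, options = {})
 if !ask.to_user.blank?
 prefix = "#{ask.to_user.name}"
 end
- raw "<a href=\"/asks/#{ask.id}\" class=\"#{class_name}\">#{prefix}#{ask.title}</a>"
+ raw "<a href=\"/asks/#{ask.id}\" class=\"#{class_name}\">#{h(prefix)}#{h(ask.title)}</a>"
 end
 def md_body(str)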
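Review bot: The `href` on the new line in topics_name_tag still interpolates `topic` unescaped (`href=\"/topics/#{topic}\"`), so a topic name containing a double quote can close the attribute even though the link text is now escaped. Building the link with the framework helper escapes both positions and encodes the path segment, assuming the `topic_path` route used in topics_helper.rb accepts the name: `html << link_to(topic, topic_path(topic), :class => "topic")`. In ask_title_tag, `class_name` is also written into an attribute unescaped; it is assigned outside the hunk, so confirm it only ever takes fixed values. Both method bodies start outside the hunks shown.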
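--- a/app/helpers/topics_helper.rb
+++ b/app/helpers/topics_helper.rb
@@ -2,12 +2,12 @@ module TopicsHelper
 def topic_name_tag(topic, options = {})
 limit = options[:limit] || 10
 prefix = options[:prefix] || ''
- raw "<a href='#{topic_path(topic.name)}' title='#{topic.name}'>#{prefix}#{topic.name}</a>"
+ raw "<a href='#{topic_path(topic.name)}' title='#{h(topic.name)}'>#{prefix}#{h(topic.name)}</a>"
 end
 def topic_cover_tag(topic, size, options = {})
 limit = options[:limit] || 10
 url = eval("topic.cover.#{size}.url")
- raw "<a href='#{topic_path(topic.name)}' title='#{topic.name}'>#{image_tag(url, :class => size)}</a>"
+ raw "<a href='#{topic_path(topic.name)}' title='#{h(topic.name)}'>#{image_tag(url, :class => size)}</a>"
 end
 end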
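Review bot: Both links keep single-quoted attributes (`href='…' title='…'`), and on Rails releases whose `h` does not encode `'`, a topic name containing an apostrophe can still terminate the attribute after this change. Switching to double-quoted attributes, or to the helper form `link_to(image_tag(url, :class => size), topic_path(topic.name), :title => topic.name)`, closes that gap independently of the Rails version in use. Separately, `eval("topic.cover.#{size}.url")` in topic_cover_tag evaluates whatever string `size` holds. Checking `size` against the known cover version names and then calling `topic.cover.send(size).url` gives the same lookup without evaluating a string.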
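--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -6,7 +6,7 @@ def user_name_tag(user, options = {})
 return "匿名用户" if !user.deleted.blank?
 return user.name if user.slug.blank?
 url = options[:url] == true ? user_url(user.slug) : user_path(user.slug)
- raw "<a#{options[:is_notify] == true ? " onclick=\"mark_notifies_as_read(this, '#{options[:notify].id}');\"" : ""} href=\"#{url}\" class=\"user\" title=\"#{user.name}\">#{user.name}</a>"
+ raw "<a#{options[:is_notify] == true ? " onclick=\"mark_notifies_as_read(this, '#{options[:notify].id}');\"" : ""} href=\"#{url}\" class=\"user\" title=\"#{h(user.name)}\">#{h(user.name)}</a>"
 end
 def user_avatar_tag(user,size)
@@ -17,7 +17,7 @@ def user_avatar_tag(user,size)
 if url.blank?
 url = ""
 end
- raw "<a href=\"#{user_path(user.slug)}\" class=\"user\" title=\"#{user.name}\">#{image_tag(url, :class => size)}</a>"
+ raw "<a href=\"#{user_path(user.slug)}\" class=\"user\" title=\"#{h(user.name)}\">#{image_tag(url, :class => size)}</a>"
 else
 raw image_tag("avatar/#{size.to_s}.jpg", :title => "匿名用户")
 end
@@ -27,7 +27,7 @@ def user_tagline_tag(user,options = {})
 return "" if user.blank?
 prefix = options[:prefix] || ""
 return "" if user.tagline.blank?
- raw "#{prefix}#{truncate(user.tagline, :length => 30)}"
+ raw "#{prefix}#{h(truncate(user.tagline, :length => 30))}"
 end
 def user_sex_title(user)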
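Review bot: `prefix` in user_tagline_tag is still passed through `raw` unescaped, while ask_title_tag in this same commit escapes its prefix with `h(prefix)`; topic_name_tag in topics_helper.rb has the same gap. If callers are expected to pass markup there, state it in a comment such as `# prefix is trusted HTML supplied by the template, never user input`; otherwise use `raw "#{h(prefix)}#{h(truncate(user.tagline, :length => 30))}"`. In user_name_tag the two early returns hand back plain strings and so presumably rely on the view's automatic escaping, which deserves a one-line comment as well. The method bodies extend beyond the hunks shown.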
