ウォール: JavaScriptインジェクション対策

hyoshida · Dec 6, 2013 · 0d94841 · 0d94841
1 parent 1f8b23d
commit 0d94841
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
@@ -26,7 +26,7 @@ def like_count(clip)
   end
 
   def comment_text_to(comment)
-    raw comment.body
+    h comment.body
   end
 
   def nostyle_like
@@ -64,7 +64,7 @@ def comment_to(comment)
   def uncomment_to(comment)
     options = { remote: true, title: 'コメントを取り消す', class: 'remove' }
     remove_link = link_to(icon_remove + nostyle_remove, uncomment_clip_path(id: comment.clip_id, comment_id: comment.id), options)
-    comment_text_to(comment) + remove_link
+    raw comment_text_to(comment) + remove_link
   end
 
   def follow_to(followable, options={})