This repository has been archived by the owner on May 18, 2020. It is now read-only.
Escape html to prevent XSS
awakia committed Nov 8, 2015
1 parent 3846fc1 commit f41efbc
Showing 2 changed files with 8 additions and 0 deletions.
3 changes: 3 additions & 0 deletions Gemfile
@@ -23,6 +23,9 @@ gem "engtagger"
gem "faraday"
gem "faraday_middleware"

# Automatic HTML escaping
gem "erubis"

# JSON
gem "json"

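Review bot: `gem "erubis"` is added without a version constraint, so the escaping behaviour this commit relies on is only pinned by Gemfile.lock; consider `gem "erubis", "~> 2.7"` (version is an assumption, adjust to what the lock file resolves) so a future `bundle update` cannot silently change the engine. The comment could also note that erubis is what makes Sinatra's `:escape_html` option in main.rb take effect, since the Gemfile line alone does not explain why the dependency is needed.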
5 changes: 5 additions & 0 deletions main.rb
@@ -7,6 +7,11 @@
require 'sinatra/reloader'
end

# Auto-escape variables in ERB templates
# cf. http://www.sinatrarb.com/faq.html#auto_escape_html
require 'erubis'
set :erb, :escape_html => true

# クラス
require './class/vine.rb'
require './class/itunes.rb'
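Review bot: `set :erb, :escape_html => true` changes the output of every `<%= %>` in the existing ERB views, so any template that intentionally emits raw HTML will now render it as escaped text; those templates need to be reviewed and switched to the unescaped output form on a case-by-case basis rather than having escaping turned off again globally. Note also that this option escapes HTML entities only, which is the right mitigation for content interpolated into element bodies; values placed inside `<script>` blocks, inline event handlers, or URL attributes still need context-specific encoding, so a quick pass over the views for those contexts would round out this fix.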

0 comments on commit f41efbc