fix xss vulnerability in display class

jaanek · Apr 21, 2015 · 54766f3 · 54766f3
1 parent 8bf6fd4
commit 54766f3
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/web/views/queue.erb b/web/views/queue.erb
@@ -19,7 +19,7 @@
   </thead>
   <% @messages.each_with_index do |msg, index| %>
     <tr>
-      <td><%= msg.display_class %></td>
+      <td><%= h(msg.display_class) %></td>
       <td>
         <% a = msg.display_args.inspect %>
         <% if a.size > 100 %>