Commit

Escape content and mark known link as HTML safe to prevent it being escaped.
crowbot committed Apr 8, 2013
1 parent 8021184 commit e283db7
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions app/views/admin_request/show.rhtml
Expand Up @@ -258,7 +258,7 @@
</td>
<td>
<% if column_name == 'body' %>
<%= simple_format(truncate(outgoing_message.body, :length => 400, :omission => link_to("...", "#", :class => "toggle-hidden" ))) %>
<%= simple_format(truncate(h(outgoing_message.body), :length => 400, :omission => link_to("...", "#", :class => "toggle-hidden" )).html_safe) %>
<div style="display:none;"><%= simple_format( outgoing_message.body ) %></div>
<% else %>
<%= admin_value(value) %>
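Review bot: the unchanged hidden `<div>` right after the changed line still passes `outgoing_message.body` to `simple_format` without `h()`, so the expanded full text is not escaped the way the 400-character preview now is. If the body can contain markup, the two renderings will differ and the full one relies entirely on whatever `simple_format` does on its own. Suggest wrapping it the same way, `simple_format(h(outgoing_message.body))`, or adding a comment explaining why the full body is safe to leave as is.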
Expand Down Expand Up @@ -303,7 +303,7 @@
</td>
<td>
<% if column_name =~ /^cached_.*?$/ %>
<%= simple_format( truncate(value, :length => 400, :omission => link_to("...", "#", :class => "toggle-hidden"))) %>
<%= simple_format( truncate(h(value), :length => 400, :omission => link_to("...", "#", :class => "toggle-hidden")).html_safe) %>
<div style="display:none;"><%= simple_format(value) %></div>
<% else %>
<%= simple_format(value) %>
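Review bot: `.html_safe` on the changed line is applied to the whole result of `truncate(...)`, so the output is only safe while every piece fed into it is escaped by hand. If the `h(value)` call is ever dropped or `value` is swapped for another expression, nothing will flag it. It would be more robust to escape the truncated text and append the `link_to` omission as a separate, already safe string. Escaping before truncating also means the 400-character cut can land in the middle of an entity such as `&amp;` and the length counts escaped characters, so truncating first and then escaping would avoid both. The hidden `<div>` and the `else` branch still call `simple_format(value)` without `h()`; they should be brought in line or the difference explained.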

0 comments on commit e283db7
