#simple_format is XSS-escaped #1194

Closed
skade opened this Issue Mar 27, 2013 · 1 comment

Member

skade commented Mar 27, 2013

It most likely shouldn't.

Sorry for the brief ticket, I am on the run.

Member

skade commented Mar 27, 2013

simple_format(...).html_safe helps.

@nesquena nesquena closed this in f408241 Mar 27, 2013

WaYdotNET added a commit to WaYdotNET/padrino-framework that referenced this issue Mar 28, 2013

Merge remote-tracking branch 'upstream/master' into all-custom-error
* upstream/master:
  Fix "bootstrap.min" path of production environment
  [helpers] Escape text before simple_format
  simple_format should be marked as html_safe (Closes padrino#1194)
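
The ordering named in the two upstream commit titles above (escape the text, then mark the helper's output as html_safe), as an added example that is not Padrino's code. `SafeString`, `render`, `wrap_paragraphs` and the three `format_*` functions are hypothetical stand-ins, and the input is constructed.

```ruby
require 'erb'

# Hypothetical stand-in for a framework's "safe buffer": a String flagged as
# already safe to emit into HTML without further escaping.
class SafeString < String
  def html_safe?
    true
  end
end

# What an auto-escaping template does on output: escape everything that is
# not explicitly marked safe.
def render(value)
  marked = value.respond_to?(:html_safe?) && value.html_safe?
  marked ? value.to_s : ERB::Util.html_escape(value.to_s)
end

# Simplified paragraph / line-break formatter (assumed behaviour, not the
# project's implementation).
def wrap_paragraphs(text)
  text.split(/\n{2,}/).map { |para| "<p>#{para.gsub("\n", '<br />')}</p>" }.join("\n")
end

# As reported in the issue: the helper returns a plain String, so the tags it
# generated are escaped along with everything else.
def format_unmarked(text)
  wrap_paragraphs(text)
end

# Marking the result safe without escaping the input first: the helper's tags
# survive, and so does any markup that was in the input.
def format_marked_only(text)
  SafeString.new(wrap_paragraphs(text))
end

# Escape the input, add the helper's own tags, then mark the result safe.
def format_escaped_then_marked(text)
  SafeString.new(wrap_paragraphs(ERB::Util.html_escape(text)))
end

INPUT = "Hello <b>world</b>\nsecond line" # constructed sample input

if __FILE__ == $PROGRAM_NAME
  puts render(format_unmarked(INPUT))
  puts render(format_marked_only(INPUT))
  puts render(format_escaped_then_marked(INPUT))
end
```

Only the third variant keeps the helper's `<p>` and `<br />` tags while rendering markup from the input as text.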