Commit

Queue name xss, fixes sidekiq#2330
mperham committed May 4, 2015
1 parent a695ff3 commit 2178d66
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion web/views/queue.erb
@@ -1,7 +1,7 @@
<header class="row">
<div class="col-sm-5">
<h3>
<%= t('CurrentMessagesInQueue', :queue => @name) %>
<%= t('CurrentMessagesInQueue', :queue => h(@name)) %>
<% if @queue.paused? %>
<span class="label label-danger"><%= t('Paused') %></span>
<% end %>
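Review bot: in web/views/queue.erb the escaping is applied at the call site, `:queue => h(@name)`, which implies t() passes interpolated values through unescaped, so every other view that hands a user-influenced value to t() has to remember h() as well. Consider escaping interpolated values inside t() itself, or at least auditing the remaining `t(..., :key => value)` calls in the views. The commit touches only the two view files, so a regression test that renders this page with a queue name containing HTML metacharacters and asserts the escaped form in the output would keep the fix from silently regressing.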
2 changes: 1 addition & 1 deletion web/views/queues.erb
Expand Up @@ -17,7 +17,7 @@
<td><%= number_with_delimiter(queue.size) %> </td>
<td width="20%">
<form action="<%=root_path %>queues/<%= queue.name %>" method="post">
<input class="btn btn-danger btn-xs" type="submit" name="delete" value="<%= t('Delete') %>" data-confirm="<%= t('AreYouSureDeleteQueue', :queue => queue.name) %>" />
<input class="btn btn-danger btn-xs" type="submit" name="delete" value="<%= t('Delete') %>" data-confirm="<%= t('AreYouSureDeleteQueue', :queue => h(queue.name)) %>" />
</form>
</td>
</tr>
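Review bot: the form action two lines above the changed input still emits `<%= queue.name %>` without h(), inside an HTML attribute, which is the same context this patch fixes for data-confirm. If these views need an explicit h() around the queue name, that interpolation needs it too, and because it is a URL path segment the name should be URL-encoded before it is HTML-escaped. It is worth checking the rest of web/views/queues.erb for other raw uses of queue.name in the same pass.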

0 comments on commit 2178d66