escape title and tags in templates

commit 9883c149e539cf4700ad2d9cf33ee012dd3bd750 1 parent 9e58e35
@keram keram authored
4 app/views/refinery/blog/posts/_nav.html.erb
@@ -1,6 +1,6 @@
<nav id="next_prev_article">
<% if @post.next.present? -%>
- <%= link_to (truncate(@post.next.title) + " &#187;").html_safe,
+ <%= link_to (h(truncate(@post.next.title)) + " &#187;").html_safe,
refinery.blog_post_path(@post.next),
:class => 'next' %>
<% end -%>
@@ -10,7 +10,7 @@
:class => 'home' %>
<% if @post.prev.present? -%>
- <%= link_to ("&#171; " + truncate(@post.prev.title)).html_safe,
+ <%= link_to ("&#171; " + h(truncate(@post.prev.title))).html_safe,
refinery.blog_post_path(@post.prev),
:class => 'prev' %>
<% end -%>
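Review bot: The fix at L24 and L32 is correct only as long as every untrusted fragment inside the string that is then marked `.html_safe` stays wrapped in `h`; marking the whole concatenation safe puts that burden on every future edit of those lines. Consider building the link text so that only the entity literal is marked safe, e.g. `link_to(safe_join([truncate(@post.next.title), '&#187;'.html_safe], ' '), refinery.blog_post_path(@post.next), :class => 'next')` (and the mirror form for `prev`), which escapes the title automatically where the app's Rails version provides `safe_join`, and also drops the `link_to (` space-before-paren form that Ruby warns about. Note that on Rails versions where `truncate` already escapes and returns a safe buffer, `h` is a no-op on its result, so whether this line escapes once or not at all depends on the Rails version pinned in the Gemfile; a short comment such as `<%# h() guards the title on Rails versions where truncate does not escape %>` would record that. The same pattern in tagged.html.erb (the `content_for :body_content_title` line) leaves `t('.posts_tagged')` unescaped inside the html_safe string, which is fine only if translation strings are treated as trusted; otherwise wrap it in `h` as well.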
2  app/views/refinery/blog/posts/tagged.html.erb
@@ -1,6 +1,6 @@
<% content_for :title, "#{t('.posts_tagged')} '#{@tag_name.titleize}'" %>
-<% content_for :body_content_title, "#{t('.posts_tagged')} &#8220;#{@tag_name.titleize}&#8221;".html_safe -%>
+<% content_for :body_content_title, "#{t('.posts_tagged')} &#8220;#{h(@tag_name.titleize)}&#8221;".html_safe -%>
<% content_for :body do %>
<% if @posts.any? %>