escape title and tags in templates #266

Merged
merged 1 commit into from

3 participants

@keram

Hello,

This is a minor change, just for some purists and bad guys.

@travisbot

This pull request fails (merged 9883c14 into 9e58e35).

@parndt parndt merged commit 06fe63e into from
Commits on Aug 17, 2012
  1. @keram
4 app/views/refinery/blog/posts/_nav.html.erb
@@ -1,6 +1,6 @@
<nav id="next_prev_article">
<% if @post.next.present? -%>
- <%= link_to (truncate(@post.next.title) + " &#187;").html_safe,
+ <%= link_to (h(truncate(@post.next.title)) + " &#187;").html_safe,
refinery.blog_post_path(@post.next),
:class => 'next' %>
<% end -%>
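Review bot: On the added `link_to` line the plain string `" &#187;"` is appended to the result of `h(...)`, which is an html_safe buffer, and `+` on a SafeBuffer escapes a non-safe right operand, so the arrow can render as the literal text `&amp;#187;` before the outer `.html_safe` is ever applied. The prev hunk is not affected because its plain string is on the left of the `+`. Marking only the entity safe avoids both the double escaping and the blanket `.html_safe`: `h(truncate(@post.next.title)) + " &#187;".html_safe`. Please check the rendered output for a post whose next title contains `<` or `&`.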
@@ -10,7 +10,7 @@
:class => 'home' %>
<% if @post.prev.present? -%>
- <%= link_to ("&#171; " + truncate(@post.prev.title)).html_safe,
+ <%= link_to ("&#171; " + h(truncate(@post.prev.title))).html_safe,
refinery.blog_post_path(@post.prev),
:class => 'prev' %>
<% end -%>
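Review bot: The added line still calls `.html_safe` on the whole concatenation, so the output is safe only while every piece inside the parentheses is escaped by hand, and a later edit that adds another value there would quietly reintroduce the injection. Marking just the literal safe, `"&#171; ".html_safe + truncate(@post.prev.title)`, lets the SafeBuffer escape the title on concatenation and makes both `h` and the outer `.html_safe` unnecessary. Calling `h` outside `truncate`, as done here, is the right order, since truncating already-escaped text could cut an entity in half. A view spec with a title containing markup would keep this from regressing.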
2  app/views/refinery/blog/posts/tagged.html.erb
@@ -1,6 +1,6 @@
<% content_for :title, "#{t('.posts_tagged')} '#{@tag_name.titleize}'" %>
-<% content_for :body_content_title, "#{t('.posts_tagged')} &#8220;#{@tag_name.titleize}&#8221;".html_safe -%>
+<% content_for :body_content_title, "#{t('.posts_tagged')} &#8220;#{h(@tag_name.titleize)}&#8221;".html_safe -%>
<% content_for :body do %>
<% if @posts.any? %>
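Review bot: On the `:body_content_title` line `.html_safe` still covers the whole interpolated string, so `t('.posts_tagged')` is trusted as markup along with the two quote entities, and only `@tag_name` is escaped by hand. The `:title` line directly above passes the same values with no `.html_safe` at all; writing the quotes as literal “ and ” characters instead of `&#8220;` and `&#8221;` would let this line drop `.html_safe` and `h` and be handled the same way. If the entities have to stay, mark only those two literals safe and build the string around them.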