
Fixed premature sanitization with auto_link, which doesn't return html_safe strings by default
1 parent 6e4c16b commit ef56054946a7ffb7739b7e1af89134bd5c090278 @ndbroadbent ndbroadbent committed Dec 9, 2011
2 app/views/accounts/_sidebar_show.html.haml
@@ -46,7 +46,7 @@
- unless @account.background_info.blank?
.caption #{t :background_info}
- = auto_link(simple_format h(@account.background_info))
+ = auto_link(simple_format @account.background_info).html_safe
- if @account.tag_list.present?
%dt
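Review bot: the `+` line drops `h()` and marks the whole result `.html_safe`, so `@account.background_info`, a free-text field, now reaches the page with no escaping visible in this hunk. If the fix relies on sanitization done inside `simple_format` and `auto_link`, state that in a comment and make it explicit at the call site, for example `sanitize(auto_link(simple_format(@account.background_info)))`, so the output stays safe if either helper's defaults change.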
2 app/views/campaigns/_sidebar_show.html.haml
@@ -80,7 +80,7 @@
- unless @campaign.background_info.blank?
.caption #{t :background_info}
- = auto_link(simple_format h(@campaign.background_info))
+ = auto_link(simple_format @campaign.background_info).html_safe
- if @campaign.tag_list.present?
%dt
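Review bot: this is the same `auto_link(simple_format ...).html_safe` expression that appears in the other sidebar partials in this commit, now with a trust decision (`.html_safe`) copied into each one. Move it into a single view helper that takes the text and returns the formatted markup, and call that here, so the escaping policy for `background_info` lives in one reviewed place.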
4 app/views/contacts/_sidebar_show.html.haml
@@ -30,10 +30,10 @@
- unless @contact.background_info.blank?
.caption #{t :background_info}
- = auto_link(simple_format h(@contact.background_info))
+ = auto_link(simple_format @contact.background_info).html_safe
- if @contact.tag_list.present?
%dt
- .tags= tags_for_index(@contact)
+ .tags= tags_for_index(@contact)
= hook(:show_contact_sidebar_bottom, self, :contact => @contact)
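Review bot: the `.tags= tags_for_index(@contact)` line is removed and re-added with no visible textual difference, which points to a whitespace or indentation change unrelated to the sanitization fix. Indentation is significant in Haml, so confirm the line still nests under the intended element, and put it in a separate commit if it is only cleanup. The `.html_safe` concern raised for the `background_info` line in the other sidebar partials applies here unchanged.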
2 app/views/leads/_sidebar_show.html.haml
@@ -47,7 +47,7 @@
- unless @lead.background_info.blank?
.caption #{t :background_info}
- = auto_link(simple_format h(@lead.background_info))
+ = auto_link(simple_format @lead.background_info).html_safe
- if @lead.tag_list.present?
%dt
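Review bot: nothing in this commit tests the new behaviour of the `background_info` line. Since the `+` line replaces explicit escaping with `.html_safe`, add a view or helper spec that renders a `@lead.background_info` containing markup and a URL, and asserts that the markup does not come through as live HTML while the URL is still linked.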
2 app/views/opportunities/_sidebar_show.html.haml
@@ -50,7 +50,7 @@
- unless @opportunity.background_info.blank?
.caption #{t :background_info}
- = auto_link(simple_format h(@opportunity.background_info))
+ = auto_link(simple_format @opportunity.background_info).html_safe
- if @opportunity.tag_list.present?
%dt
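Review bot: style point on the `+` line: `simple_format @opportunity.background_info` is called without parentheses inside `auto_link(...)`, and `.html_safe` is then chained on the outer call. Writing it as `auto_link(simple_format(@opportunity.background_info)).html_safe` makes it unambiguous which call receives which argument and which result is being marked safe.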
2 app/views/shared/_comment.html.haml
@@ -8,4 +8,4 @@
.indentslim
= link_to comment.user.full_name, user_path(comment.user)
%tt= t(:time_ago, distance_of_time_in_words(Time.now, comment.created_at))
- %dt= auto_link(simple_format h(comment.comment))
+ %dt= auto_link(simple_format comment.comment).html_safe
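Review bot: `comment.comment` is text written by one user (the hunk links `comment.user`) and rendered to whoever views the record, so marking it `.html_safe` on the `+` line without `h()` is the highest-exposure instance of this change. Keep an explicit sanitizing step on the final output here, for example `sanitize(auto_link(simple_format(comment.comment)))`, instead of trusting the helpers' internal behaviour.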
