Merge pull request #716 from forced-request/xssFix

Fixed XSS vulnerability within bootstrap_flash that was occuring by call...
seyhunak · Mar 25, 2014 · 663760e · 663760e
2 parents 965ebd3 + 7fe8f1c
commit 663760e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/helpers/bootstrap_flash_helper.rb b/app/helpers/bootstrap_flash_helper.rb
@@ -15,7 +15,7 @@ def bootstrap_flash
       Array(message).each do |msg|
         text = content_tag(:div,
                            content_tag(:button, raw("&times;"), :class => "close", "data-dismiss" => "alert") +
-                           msg.html_safe, :class => "alert fade in alert-#{type}")
+                           msg, :class => "alert fade in alert-#{type}")
         flash_messages << text if msg
       end
     end