Merge pull request sidekiq#2309 from nolman/master

fix xss vulnerability in display class
yamagu · Apr 21, 2015 · 3056a5a · 3056a5a
2 parents 8bf6fd4 + 54766f3
commit 3056a5a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/web/views/queue.erb b/web/views/queue.erb
@@ -19,7 +19,7 @@
   </thead>
   <% @messages.each_with_index do |msg, index| %>
     <tr>
-      <td><%= msg.display_class %></td>
+      <td><%= h(msg.display_class) %></td>
       <td>
         <% a = msg.display_args.inspect %>
         <% if a.size > 100 %>