DGNum/demarches-normaliennes
13
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Fix CSS injection

Browse source
This commit is contained in:
Paul Chavard 2018-01-11 18:09:01 +01:00
parent a6cdf714a6
commit 6a43248cb3
7 changed files with 14 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
app/helpers/application_helper.rb
View file

@ -1,4 +1,10 @@
module ApplicationHelper
include SanitizeUrl
def sanitize_url(url)
super(url, schemes: ['http', 'https'], replace_evil_with: root_url)
end
def flash_class(level)
case level
when "notice" then "alert-success"