use h() to avoid XSS in usernames

Ævar Arnfjörð Bjarmason 2009-10-01 20:02:54 +00:00
parent e0ece00738
commit 78e0ec74f7
2 changed files with 2 additions and 2 deletions


@ -8,7 +8,7 @@
<%= f.error_messages %>
<p>
<%= f.label :reason, t('user_block.edit.reason', :name => @user_block.user.display_name) %><br />
<%= f.label :reason, t('user_block.edit.reason', :name => h(@user_block.user.display_name)) %><br />
<%= f.text_area :reason %>
</p>
<p>
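Review bot: The escaping is applied by hand at this one call site (`:name => h(@user_block.user.display_name)`), so the protection holds only where someone remembers to add it; the `user_block.new.title` heading in the second file gets the same manual treatment. The commit adds no view test that renders these templates with a display name containing markup (for example a constructed name like `<b>x</b>`) and asserts that the escaped form appears in the output, so a later edit could drop the `h()` unnoticed. Any other template that passes `display_name` into `t()` presumably needs the same change, though none is visible here, so a search of the views is worth doing before treating this as complete. A one-line ERB comment above the label, such as `<%# display_name is user-controlled; escape it before interpolating into the translation %>`, would record why the call is there.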


@ -1,4 +1,4 @@
<h1><%= t('user_block.new.title', :name => @this_user.display_name) %></h1>
<h1><%= t('user_block.new.title', :name => h(@this_user.display_name)) %></h1>
<% form_for(@user_block) do |f| %>
<%= f.error_messages %>