cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

use h() to avoid XSS in usernames

Browse source
This commit is contained in:
Ævar Arnfjörð Bjarmason 2009-10-01 20:02:54 +00:00
parent e0ece00738
commit 78e0ec74f7
2 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/views/user_blocks/new.html.erb
View file

@ -1,4 +1,4 @@
<h1><%= t('user_block.new.title', :name => @this_user.display_name) %></h1>
<h1><%= t('user_block.new.title', :name => h(@this_user.display_name)) %></h1>
<% form_for(@user_block) do |f| %>
<%= f.error_messages %>