Add a bunch of fixes to HTML escaping, and a test case for it
[selectricity-live] / app / views / site / index.rhtml
diff --git
a/app/views/site/index.rhtml
b/app/views/site/index.rhtml
index 0d59849a6997d2c621454e2491cca25284e3ed82..1b994b0e16ebf84e29e1b7df89c1c9298cb81e44 100644
(file)
--- a/
app/views/site/index.rhtml
+++ b/
app/views/site/index.rhtml
@@
-17,7
+17,7
@@
methods.</p>
<ul>
<% for quickvote in @quickvotes %>
<ul>
<% for quickvote in @quickvotes %>
-<li><%= link_to (
quickvote.shortdesc
|| "Unnamed"), quickvote_url(:ident => quickvote.name) %></li>
+<li><%= link_to (
h(quickvote.shortdesc)
|| "Unnamed"), quickvote_url(:ident => quickvote.name) %></li>
<% end %>
</ul>
<% end %>
</ul>
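Review bot: On the added `link_to` line, wrapping only `quickvote.shortdesc` in `h()` defeats the `|| "Unnamed"` fallback. `h` calls `to_s` on its argument, so it returns a string even when `shortdesc` is nil, and an empty string is truthy in Ruby; a quickvote with no short description will now render a link with empty text instead of "Unnamed". Escaping the result of the fallback keeps both the escaping and the default: `h(quickvote.shortdesc || "Unnamed")`. Since the commit message mentions a test case, a case with a nil `shortdesc` would be worth including alongside the one with markup in it.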
Benjamin Mako Hill