ref: refs/heads/master
commit cf369fd83d97baffe3f465a91736a3bff5ef3e80
Author: Josef Reidinger
Date: Wed Nov 4 12:50:33 2009 +0100
prevent HTML injection on host name
---
webclient/app/views/hosts/index.html.erb | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/webclient/app/views/hosts/index.html.erb b/webclient/app/views/hosts/index.html.erb
index d603d31..52df0f2 100644
--- a/webclient/app/views/hosts/index.html.erb
+++ b/webclient/app/views/hosts/index.html.erb
@@ -9,7 +9,7 @@
<li>
<ul>
<li>
- <strong><%= link_to host.name, new_session_path(:hostid => "#{host.id}") %></strong>
+ <strong><%= link_to h(host.name), new_session_path(:hostid => "#{host.id}") %></strong>
</li>
<li>
<span class="li-url"><%=h host.url %></span>
@@ -39,4 +39,4 @@
-->
</div>
</div>
-<!--host list -->
\ No newline at end of file
+<!--host list -->
--
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org