[yast-commit] <web-client> master : fix html injection in hosts show, even if nowhere is pointed to that URL, someone who expect REST hosts should look at it

ref: refs/heads/master commit 31495f311f7991f03e89a35e118804482aca6746 Author: Josef Reidinger Date: Wed Nov 4 13:07:06 2009 +0100 fix html injection in hosts show, even if nowhere is pointed to that URL, someone who expect REST hosts should look at it --- webclient/app/views/hosts/show.html.erb | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) diff --git a/webclient/app/views/hosts/show.html.erb b/webclient/app/views/hosts/show.html.erb index dad8e98..2e7ea34 100644 --- a/webclient/app/views/hosts/show.html.erb +++ b/webclient/app/views/hosts/show.html.erb @@ -1,7 +1,7 @@ <div class="table"> - <%= @host.name %> - <%= @host.url %> - <%= @host.description %> + <%=h @host.name %> + <%=h @host.url %> + <%=h @host.description %> </div> -<%= link_to _('Index'), host_path, :class => "button" %> \ No newline at end of file +<%= link_to _('Index'), host_path, :class => "button" %> -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org