ref: refs/heads/master
commit 31495f311f7991f03e89a35e118804482aca6746
Author: Josef Reidinger
Date: Wed Nov 4 13:07:06 2009 +0100
fix HTML injection in hosts show; even though nothing points to that URL, someone who expects REST hosts should look at it
---
webclient/app/views/hosts/show.html.erb | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/webclient/app/views/hosts/show.html.erb b/webclient/app/views/hosts/show.html.erb
index dad8e98..2e7ea34 100644
--- a/webclient/app/views/hosts/show.html.erb
+++ b/webclient/app/views/hosts/show.html.erb
@@ -1,7 +1,7 @@
<div class="table">
- <%= @host.name %>
- <%= @host.url %>
- <%= @host.description %>
+ <%=h @host.name %>
+ <%=h @host.url %>
+ <%=h @host.description %>
</div>
-<%= link_to _('Index'), host_path, :class => "button" %>
\ No newline at end of file
+<%= link_to _('Index'), host_path, :class => "button" %>
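Review bot: The three `<%=h ... %>` lines close the injection only in this template, because escaping here is opt-in per expression. Any other view or partial that prints `@host.name`, `@host.url` or `@host.description` through a bare `<%= %>` would still emit raw markup; none of those are visible in this hunk, so they need a separate check. A short template comment above the fields, such as `<%# host fields may hold externally supplied text; always emit through h %>`, would record why the helper is there. If `@host.url` is ever rendered as a link target rather than as text, HTML escaping will not constrain its scheme, so validating the URL when the host is saved would be the place to handle that. Separately, the 'Index' link on the last line calls `host_path` without an id; if the route is the plural resource, `hosts_path` is probably what was meant.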