| author | hukl <contact@smyck.org> | 2009-10-17 13:56:01 +0200 |
|---|---|---|
| committer | hukl <contact@smyck.org> | 2009-10-17 13:56:01 +0200 |
| commit | c36132551b62e7d249948712d6dc47be614c28a5 (patch) | |
| tree | 03d259bc98c11defc0ab36e961f1d95d335833e4 /app/views/content | |
| parent | b7c233271b072ba408bfa9e9e8cc6fde7726c558 (diff) | |
Added sanitize statements to hopefully all critical templates to protect against cross-site scripting.
Added section to environment.rb listing the whitelisted tags and attributes and examples on how to extend the list.
Diffstat (limited to 'app/views/content')
| -rw-r--r-- | app/views/content/_front_page_calendar.html.erb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/content/_front_page_calendar.html.erb b/app/views/content/_front_page_calendar.html.erb index 1a409a6..e7f46ba 100644 --- a/app/views/content/_front_page_calendar.html.erb +++ b/app/views/content/_front_page_calendar.html.erb | |||
| @@ -4,7 +4,7 @@ | |||
| 4 | <% occurrences.each do |occurrence| %> | 4 | <% occurrences.each do |occurrence| %> |
| 5 | <li> | 5 | <li> |
| 6 | <div><%= l occurrence.start_time.to_date, :format => :default %></div> | 6 | <div><%= l occurrence.start_time.to_date, :format => :default %></div> |
| 7 | <%= link_to_path occurrence.node.head.title, occurrence.node.unique_name %> | 7 | <%= link_to_path sanitize( occurrence.node.head.title ), occurrence.node.unique_name %> |
| 8 | </li> | 8 | </li> |
| 9 | <% end %> | 9 | <% end %> |
| 10 | </ul> | 10 | </ul> |
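Review bot: Only the first argument to `link_to_path` is sanitized in this hunk; `occurrence.node.unique_name` is still passed through unchanged, so unless `link_to_path` escapes it itself, the value that ends up in the href is not covered by this fix. Also, `sanitize` is a tag/attribute whitelist, not an escaper: if a calendar entry title is meant to be plain text, `h(occurrence.node.head.title)` rejects all markup instead of letting whitelisted tags through, which is the stronger choice here. Minor style point: `sanitize( occurrence.node.head.title )` uses padded parentheses that the surrounding ERB does not; `sanitize(occurrence.node.head.title)` matches the rest of the template.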
