authorerdgeist <erdgeist@erdgeist.org>2026-06-27 20:29:25 +0200
committererdgeist <erdgeist@erdgeist.org>2026-06-27 20:29:25 +0200
commite86897c7c3ce7dea169be7f2c027aae3a7a4edab (patch)
tree2e97075f9213fa28e33e0291fe853c865d441027 /app/views
parent4c22631a5a85b3082f0525cc2454d2bd2251922a (diff)
Stop forcing escaped HTML into the database just because XML Builder was used wrong
Diffstat (limited to 'app/views')
-rw-r--r--app/views/nodes/edit.html.erb2
-rw-r--r--app/views/rss/updates.rdf.builder4
-rw-r--r--app/views/rss/updates.xml.builder4
3 files changed, 5 insertions, 5 deletions
diff --git a/app/views/nodes/edit.html.erb b/app/views/nodes/edit.html.erb
index 596f992..b45c700 100644
--- a/app/views/nodes/edit.html.erb
+++ b/app/views/nodes/edit.html.erb
@@ -76,7 +76,7 @@
76 76
77 <div id="content"> 77 <div id="content">
78 <div class="node_description">Title</div> 78 <div class="node_description">Title</div>
79 <div class="node_content"><%= d.text_field :title, :pattern => "(?:[^<>&amp;]|&amp;amp;|&amp;lt;|&amp;gt;)*", :title => "Warning: Unescaped HTML entities detected! Use &amp;lt;, &amp;gt;, &amp;amp; instead of <, >, &." %></div> 79 <div class="node_content"><%= d.text_field :title %></div>
80 80
81 <div class="node_description">Abstract</div> 81 <div class="node_description">Abstract</div>
82 <div class="node_content"><%= d.text_area :abstract %></div> 82 <div class="node_content"><%= d.text_area :abstract %></div>
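Review bot: With the `:pattern` attribute gone from the title field at line 79, `title` can now be stored with raw `<`, `>` and `&`, so every template that prints it has to escape on output. The old pattern was only a browser-side hint, so removing it is reasonable, but any view written under the previous "already escaped" convention that emits title or abstract through `raw` or `html_safe` would become an HTML injection sink. This page is limited to app/views and touches only the feed templates besides this form, so that audit is not visible here. Rows saved earlier presumably still hold `&amp;`-style entities and would be escaped a second time in the feeds unless they are migrated. I would leave a marker next to the field, e.g. `<%# title is stored unescaped; escape on output, never raw/html_safe %>`.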
diff --git a/app/views/rss/updates.rdf.builder b/app/views/rss/updates.rdf.builder
index cc63201..b02d34f 100644
--- a/app/views/rss/updates.rdf.builder
+++ b/app/views/rss/updates.rdf.builder
@@ -17,9 +17,9 @@ xml.tag!("rdf:RDF", "xmlns:rdf" => "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
17 17
18 @items.each do |item| 18 @items.each do |item|
19 xml.item("rdf:about" => content_url(:page_path => item.node.unique_path)) do 19 xml.item("rdf:about" => content_url(:page_path => item.node.unique_path)) do
20 xml.title(item.title) 20 xml.title(CGI.escapeHTML(item.title.to_s))
21 xml.link(content_url(:page_path => item.node.unique_path)) 21 xml.link(content_url(:page_path => item.node.unique_path))
22 xml.description(item.abstract) 22 xml.description(CGI.escapeHTML(item.abstract.to_s))
23 xml.tag!("dc:creator", (item.user ? item.user.login : "CCC")) 23 xml.tag!("dc:creator", (item.user ? item.user.login : "CCC"))
24 xml.tag!("dc:date", item.published_at.xmlschema) 24 xml.tag!("dc:date", item.published_at.xmlschema)
25 end 25 end
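Review bot: Lines 20 and 22 pass an already HTML-escaped string to Builder, which escapes text arguments itself, so a title such as `A & B` goes out as `A &amp;amp; B`. As far as the RSS 1.0 format goes, `title` is plain character data, so a reader that does not decode a second time will show `A &amp; B` literally. If the double encoding is meant only for readers that treat `description` as HTML, keep it there and use `xml.title(item.title.to_s)` for the title. A one-line comment such as `# description carries entity-escaped HTML on purpose; Builder adds the XML layer` would keep a later maintainer from undoing it by accident.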
diff --git a/app/views/rss/updates.xml.builder b/app/views/rss/updates.xml.builder
index 6afcd56..0ea08fa 100644
--- a/app/views/rss/updates.xml.builder
+++ b/app/views/rss/updates.xml.builder
@@ -12,7 +12,7 @@ xml.feed(:xmlns => "http://www.w3.org/2005/Atom", "xml:base" => @host) do
12 12
13 @items.each do |item| 13 @items.each do |item|
14 xml.entry do 14 xml.entry do
15 xml.title(item.title) 15 xml.title(CGI.escapeHTML(item.title.to_s))
16 xml.link( 16 xml.link(
17 :href => content_url(:page_path => item.node.unique_path), 17 :href => content_url(:page_path => item.node.unique_path),
18 :rel => "alternate", 18 :rel => "alternate",
@@ -21,7 +21,7 @@ xml.feed(:xmlns => "http://www.w3.org/2005/Atom", "xml:base" => @host) do
21 xml.id(content_url(:page_path => item.node.feed_id)) 21 xml.id(content_url(:page_path => item.node.feed_id))
22 xml.updated(item.updated_at.xmlschema) 22 xml.updated(item.updated_at.xmlschema)
23 xml.published(item.published_at.xmlschema) 23 xml.published(item.published_at.xmlschema)
24 xml.summary(item.abstract) 24 xml.summary(CGI.escapeHTML(item.abstract.to_s))
25 xml.content(:type => "xhtml") do 25 xml.content(:type => "xhtml") do
26 xml.div(item.body, :xmlns => "http://www.w3.org/1999/xhtml") 26 xml.div(item.body, :xmlns => "http://www.w3.org/1999/xhtml")
27 end 27 end
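Review bot: `xml.title` (line 15) and `xml.summary` (line 24) now carry entity-escaped HTML but are still emitted without a `type` attribute, and Atom text constructs default to `type="text"`, so a conforming reader displays the entities literally. Either declare the encoding, `xml.title(CGI.escapeHTML(item.title.to_s), :type => "html")` and likewise for `xml.summary`, or drop `CGI.escapeHTML` and let Builder's own escaping produce plain text. Declaring `html` means the reader decodes and renders the value, so the single `CGI.escapeHTML` pass used here is what keeps stored markup inert and must not be removed later.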