From 91633ac4419d839661e35ae8f2efe5c9089cfb67 Mon Sep 17 00:00:00 2001 From: User Date: Wed, 29 Dec 2010 17:06:40 +0100 Subject: use sanitize instead of only html_escape! --- app/views/search/index.html.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app') diff --git a/app/views/search/index.html.erb b/app/views/search/index.html.erb index 9824b8f..ada6c61 100644 --- a/app/views/search/index.html.erb +++ b/app/views/search/index.html.erb @@ -1,5 +1,5 @@ <% if params[:search_term] %> -

Suchergebnisse für Suchbegriff: <%=h params[:search_term] %>

+

Suchergebnisse für Suchbegriff: <%=h sanitize(params[:search_term]) %>

<% end %> <%= @@ -8,4 +8,4 @@ :collection => @results, :as => :node ) -%> \ No newline at end of file +%> -- cgit v1.3