From e86897c7c3ce7dea169be7f2c027aae3a7a4edab Mon Sep 17 00:00:00 2001
From: erdgeist
Date: Sat, 27 Jun 2026 20:29:25 +0200
Subject: Stop forcing escaped HTML into the database just because XML Builder was used wrong
---
 app/views/nodes/edit.html.erb | 2 +-
 app/views/rss/updates.rdf.builder | 4 ++--
 app/views/rss/updates.xml.builder | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)
(limited to 'app')
diff --git a/app/views/nodes/edit.html.erb b/app/views/nodes/edit.html.erb
index 596f992..b45c700 100644
--- a/app/views/nodes/edit.html.erb
+++ b/app/views/nodes/edit.html.erb
@@ -76,7 +76,7 @@
Title
-
<%= d.text_field :title, :pattern => "(?:[^<>&]|&amp;|&lt;|&gt;)*", :title => "Warning: Unescaped HTML entities detected! Use &lt;, &gt;, &amp; instead of <, >, &." %>
+
<%= d.text_field :title %>
Abstract
<%= d.text_area :abstract %>
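Review bot: Dropping the `:pattern` on `d.text_field :title` changes what gets stored from entity-escaped text to raw text, so every template that prints `title` or `abstract` now has to escape at output time, and only the two feed builders are adjusted in the part of the commit shown here (the view is limited to `app`). Any template that emits these fields through `raw` or `html_safe` on the old assumption would start rendering stored markup, so the remaining output sites should be checked before this ships. Rows saved under the old rule already contain `&lt;`/`&amp;` and will presumably come out double-escaped unless a one-off migration runs something like `CGI.unescapeHTML` over them. The form block around this field opens and closes outside the hunk.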
diff --git a/app/views/rss/updates.rdf.builder b/app/views/rss/updates.rdf.builder
index cc63201..b02d34f 100644
--- a/app/views/rss/updates.rdf.builder
+++ b/app/views/rss/updates.rdf.builder
@@ -17,9 +17,9 @@ xml.tag!("rdf:RDF", "xmlns:rdf" => "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
 @items.each do |item|
 xml.item("rdf:about" => content_url(:page_path => item.node.unique_path)) do
- xml.title(item.title)
+ xml.title(CGI.escapeHTML(item.title.to_s))
 xml.link(content_url(:page_path => item.node.unique_path))
- xml.description(item.abstract)
+ xml.description(CGI.escapeHTML(item.abstract.to_s))
 xml.tag!("dc:creator", (item.user ? item.user.login : "CCC"))
 xml.tag!("dc:date", item.published_at.xmlschema)
 end
diff --git a/app/views/rss/updates.xml.builder b/app/views/rss/updates.xml.builder
index 6afcd56..0ea08fa 100644
--- a/app/views/rss/updates.xml.builder
+++ b/app/views/rss/updates.xml.builder
@@ -12,7 +12,7 @@ xml.feed(:xmlns => "http://www.w3.org/2005/Atom", "xml:base" => @host) do
 @items.each do |item|
 xml.entry do
- xml.title(item.title)
+ xml.title(CGI.escapeHTML(item.title.to_s))
 xml.link(
 :href => content_url(:page_path => item.node.unique_path),
 :rel => "alternate",
@@ -21,7 +21,7 @@ xml.feed(:xmlns => "http://www.w3.org/2005/Atom", "xml:base" => @host) do
 xml.id(content_url(:page_path => item.node.feed_id))
 xml.updated(item.updated_at.xmlschema)
 xml.published(item.published_at.xmlschema)
- xml.summary(item.abstract)
+ xml.summary(CGI.escapeHTML(item.abstract.to_s))
 xml.content(:type => "xhtml") do
 xml.div(item.body, :xmlns => "http://www.w3.org/1999/xhtml")
 end
-- cgit v1.3
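Review bot: The added `CGI.escapeHTML` in `xml.title` and `xml.description` of updates.rdf.builder reads as a redundant second escape, because Builder already XML-escapes text arguments, and nothing in the template says it is deliberate. A one-line comment above `xml.title` would keep a later cleanup from removing it: `# escaped twice on purpose: Builder covers XML, CGI.escapeHTML keeps readers that render title/description as HTML from interpreting stored markup`. The `.to_s` turns a nil title or abstract into an empty element, which the comment could also mention. The `@items.each` block closes outside this hunk.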
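Review bot: In updates.xml.builder the new `xml.title(CGI.escapeHTML(...))` carries no `type` attribute, so under RFC 4287 it is a `type="text"` construct and a conforming reader shows the content literally; a title such as `A & B` would then display as `A &amp; B`. The same applies to `xml.summary` in the second hunk of this file (`@@ -21,7 +21,7 @@`). If escaped-HTML semantics are intended, declare them, `xml.title(CGI.escapeHTML(item.title.to_s), :type => "html")` and likewise for `xml.summary`; otherwise drop the extra escape in the Atom feed and rely on Builder's own XML escaping. The `xml.entry` block extends beyond both hunks.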