Commit c7b916ab09b7cf3b31f43bf45dbe52fb6abf3b4e
1 parent
a4fefc0c
Sanitize comment title and body
Showing
1 changed file
with
2 additions
and
2 deletions
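--- a/app/views/comment/_comment.html.erb
+++ b/app/views/comment/_comment.html.erb
@@ -38,10 +38,10 @@
 <div class="comment-created-at">
 <%= show_time(comment.created_at) %>
 </div>
-<h4><%= comment.title.blank? && ' ' || comment.title %></h4>
+<h4><%= comment.title.blank? && ' ' || sanitize(comment.title) %></h4>
 <div class="comment-text">
 <p/>
-<%= txt2html comment.body %>
+<%= txt2html sanitize(comment.body) %>
 </div>
 <%= @plugins.dispatch(:comment_extra_contents, local_assigns).collect { |content| instance_exec(&content) }.join("") %>
 </div>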
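Review bot: `sanitize` on new line 41 still lets allow-listed markup (links, images, formatting tags) through into the `<h4>`, which a plain-text title never needs; `h(comment.title)` (or simply letting ERB escape it) would be the stricter choice there, with `sanitize` reserved for the body where some formatting may be intended. On new line 44 `sanitize` runs before `txt2html`, so any markup that `txt2html` itself builds from the text (autolinks, line-break tags) is not seen by the sanitizer; if that helper emits HTML derived from user text, the order should be reversed or its output escaped — I cannot see the helper here, so this needs confirming. The effective protection also depends on the application's sanitizer allow-list (ActionView's `sanitized_allowed_tags`/`sanitized_allowed_attributes` settings), which this template does not control; a short comment above the block such as `<%# title: escape only, no markup expected; body: sanitize, then convert to HTML %>` would record the intent for the next maintainer. The enclosing comment `<div>` opens before the hunk.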