Commit 1217394deeb7b9acb7d4d1bf3ec84745191a0246
1 parent
4ca38963
Exists in
staging
should not escape html of api documentation and not found page's
Showing
2 changed files
with
6 additions
and
6 deletions
Show diff stats
app/views/api/index.html.erb
| 1 | <h1>EndPoints</h1> | 1 | <h1>EndPoints</h1> |
| 2 | 2 | ||
| 3 | <div style="float: right"> | 3 | <div style="float: right"> |
| 4 | - <%= s_('api-playground|Try the %s') % link_to('API Playground', {:controller => 'api', :action => 'playground'}) %> | 4 | + <%= s_('api-playground|Try the %s').html_safe % link_to('API Playground', {:controller => 'api', :action => 'playground'}) %> |
| 5 | </div> | 5 | </div> |
| 6 | 6 | ||
| 7 | <%= endpoints.map do |endpoint| | 7 | <%= endpoints.map do |endpoint| |
| 8 | app = endpoint.options[:app].to_s | 8 | app = endpoint.options[:app].to_s |
| 9 | unless app.blank? | 9 | unless app.blank? |
| 10 | - content_tag(:h2, app.split('::').last.to_s, title: app) + | 10 | + content_tag(:h2, app.split('::').last.to_s, title: app).html_safe + |
| 11 | (content_tag :ul do | 11 | (content_tag :ul do |
| 12 | endpoint.routes.map do |route| | 12 | endpoint.routes.map do |route| |
| 13 | content_tag :li do | 13 | content_tag :li do |
| 14 | content_tag(:strong, route.route_method) + ' ' + | 14 | content_tag(:strong, route.route_method) + ' ' + |
| 15 | - route.route_path.gsub(':version', content_tag(:b, route.route_version)) | 15 | + route.route_path.gsub(':version', content_tag(:b, route.route_version)).html_safe |
| 16 | end | 16 | end |
| 17 | - end.join "\n" | 17 | + end.safe_join "\n" |
| 18 | end) | 18 | end) |
| 19 | end | 19 | end |
| 20 | -end.join "\n" %> | 20 | +end.safe_join "\n" %> |
app/views/shared/not_found.html.erb
| 1 | <div id='not-found'> | 1 | <div id='not-found'> |
| 2 | - <h1><%= _('There is no such page: %s') % (content_tag('tt', @path)) %></h1> | 2 | + <h1><%= _('There is no such page: %s').html_safe % (content_tag('tt', @path)) %></h1> |
| 3 | <p> | 3 | <p> |
| 4 | <%= _('You may have clicked an expired link or mistyped the address.') %> | 4 | <%= _('You may have clicked an expired link or mistyped the address.') %> |
| 5 | <%= _('If you clicked a link that was in another site, or was given to you by someone else, it would be nice if you tell them that their link is not valid anymore.') %> | 5 | <%= _('If you clicked a link that was in another site, or was given to you by someone else, it would be nice if you tell them that their link is not valid anymore.') %> |