Commit f16ec7f40f8a718f3860db79ebf6a17ce30f462e
1 parent
c40bc786
Exists in
staging
and in
4 other branches
Not escape html in people suggestions
Showing
2 changed files
with
3 additions
and
3 deletions
Show diff stats
app/helpers/application_helper.rb
| @@ -1183,10 +1183,10 @@ module ApplicationHelper | @@ -1183,10 +1183,10 @@ module ApplicationHelper | ||
| 1183 | end | 1183 | end |
| 1184 | 1184 | ||
| 1185 | controller_target = suggestion.suggestion_type == 'Person' ? :friends : :memberships | 1185 | controller_target = suggestion.suggestion_type == 'Person' ? :friends : :memberships |
| 1186 | - profiles << link_to("<big> +#{suggestion.profile_connections.count - 4}</big>", :controller => controller_target, :action => :connections, :id => suggestion.suggestion_id) if suggestion.profile_connections.count > 4 | 1186 | + profiles << link_to("<big> +#{suggestion.profile_connections.count - 4}</big>".html_safe, :controller => controller_target, :action => :connections, :id => suggestion.suggestion_id) if suggestion.profile_connections.count > 4 |
| 1187 | 1187 | ||
| 1188 | if profiles.present? | 1188 | if profiles.present? |
| 1189 | - content_tag(:div, profiles.join , :class => 'profile-connections') | 1189 | + content_tag(:div, profiles.safe_join , :class => 'profile-connections') |
| 1190 | else | 1190 | else |
| 1191 | '' | 1191 | '' |
| 1192 | end | 1192 | end |
app/views/shared/_profile_connections.html.erb
| @@ -4,7 +4,7 @@ | @@ -4,7 +4,7 @@ | ||
| 4 | <ul class="profile-list"> | 4 | <ul class="profile-list"> |
| 5 | <% profiles.each do |profile| %> | 5 | <% profiles.each do |profile| %> |
| 6 | <li> | 6 | <li> |
| 7 | - <%= link_to_profile profile_image(profile) + '<br/>' + profile.short_name, | 7 | + <%= link_to_profile profile_image(profile) + '<br/>'.html_safe + profile.short_name, |
| 8 | profile.identifier, :class => 'profile-link' %> | 8 | profile.identifier, :class => 'profile-link' %> |
| 9 | </li> | 9 | </li> |
| 10 | <% end %> | 10 | <% end %> |