Escape html entities in commit messages

Alex Leutgöb
1 parent 0b8e956f
Showing 1 changed file with 1 additions and 1 deletions Show diff stats
app/views/events/_event_push.atom.haml
@@ -6,7 +6,7 @@
       %i
         at
         = commit.committed_date.strftime("%Y-%m-%d %H:%M:%S")
-    %blockquote= simple_format commit.safe_message
+    %blockquote= simple_format(escape_once(commit.safe_message))
   - if event.commits_count > 15
     %p
       %i
...	...	@@ -6,7 +6,7 @@
6	6	%i
7	7	at
8	8	= commit.committed_date.strftime("%Y-%m-%d %H:%M:%S")
9		- %blockquote= simple_format commit.safe_message
	9	+ %blockquote= simple_format(escape_once(commit.safe_message))
10	10	- if event.commits_count > 15
11	11	%p
12	12	%i
...	...