Commit 6672bb97c25d927061e89d657ca62e0fa439c31d
1 parent
32a6e23d
Exists in
new_security
fix html_safe on helpers
Showing
2 changed files
with
4 additions
and
3 deletions
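--- a/app/helpers/action_tracker_helper.rb
+++ b/app/helpers/action_tracker_helper.rb
@@ -15,11 +15,12 @@ module ActionTrackerHelper
 end
 
 def join_community_description ta
-n_('has joined 1 community:<br />%{name}', 'has joined %{num} communities:<br />%{name}', ta.get_resource_name.size) % {
+n_('has joined 1 community:<br />%{name}'.html_safe, 'has joined %{num} communities:<br />%{name}'.html_safe, ta.get_resource_name.size) % {
 num: ta.get_resource_name.size,
 name: ta.collect_group_with_index(:resource_name) do |n,i|
-link_to image_tag(ta.get_resource_profile_custom_icon[i] || default_or_themed_icon("/images/icons-app/community-icon.png")),
+link = link_to image_tag(ta.get_resource_profile_custom_icon[i] || default_or_themed_icon("/images/icons-app/community-icon.png")),
 ta.get_resource_url[i], title: n
+link.html_safe
 end.join
 }
 end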
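Review bot: In `join_community_description`, `.html_safe` is applied to the msgids handed to `n_` instead of to the finished string, so whether the result is trusted depends on what the gettext lookup returns; a translated catalog entry is presumably a plain String, while the untranslated fallback would keep the flag. When the flag does survive, `SafeBuffer#%` escapes any argument that is not itself safe, and `end.join` returns a plain String, so the links would be rendered as escaped text; `link.html_safe` does not change that and is redundant, since `link_to` already returns a safe buffer. Building the list with `name: safe_join(ta.collect_group_with_index(:resource_name) { |n, i| link_to(...) })` keeps the escaping of `n` and the URL that `link_to` performs, and the trust assertion can then be made once on the interpolated result. A short comment stating that the translation catalog is treated as trusted HTML here would help the next reviewer.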
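--- a/app/helpers/display_helper.rb
+++ b/app/helpers/display_helper.rb
@@ -63,7 +63,7 @@ module DisplayHelper
 content = safe_join(href.gsub(/^https?:\/\//, '').scan(/.{1,4}/), '​'.html_safe)
 pre_char +
 content_tag(:a, content, :href => href, :target => '_blank',
-:rel => 'nofolow', :onclick => "return confirm('%s')" %
+:rel => 'nofolow', :onclick => "return confirm('%s')".html_safe %
 _('Are you sure you want to visit this web site?'))
 end
 ret.html_safe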
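Review bot: On the `:onclick` line the translated message is interpolated into a JavaScript string literal, and `.html_safe %` only HTML-escapes it; the browser decodes the attribute before the script runs, so an apostrophe in any locale's translation would end the literal early. Encoding for the JavaScript context and leaving attribute escaping to `content_tag` is safer: `:onclick => "return confirm('%s')" % escape_javascript(_('Are you sure you want to visit this web site?'))`. The same line sets `:rel => 'nofolow'`, which is misspelled and therefore has no effect; with `:target => '_blank'` it should read `:rel => 'nofollow noopener noreferrer'`. The enclosing method starts above the hunk, so how `href` is validated before `ret.html_safe` is not visible here.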