Download as
Browse Code »

Commit 6e9b3b36b981544ecb2b4516ff60a0b31fb2a219

Authored by Victor Costa
Committed by Rodrigo Souto
1 parent 75ebbf5b
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

Fix xss issue at body_classes

Showing 1 changed file with 1 additions and 1 deletions   Show diff stats
app/views/layouts/application-ng.rhtml
  Diff comments   View file @6e9b3b3
@@ -22,7 +22,7 @@ @@ -22,7 +22,7 @@
22 DEFAULT_LOADING_MESSAGE = <%="'#{ _('loading...') }'" %>; 22 DEFAULT_LOADING_MESSAGE = <%="'#{ _('loading...') }'" %>;
23 </script> 23 </script>
24 </head> 24 </head>
25 - <body class="<%= body_classes %>"> 25 + <body class="<%= h body_classes %>">
26 <a href="#content" id="link-go-content"><span><%= _("Go to the content") %></span></a> 26 <a href="#content" id="link-go-content"><span><%= _("Go to the content") %></span></a>
27 27
28 <%= 28 <%=