Commit 76f856ad49aa96224aaa646d49351c98be74f12a

Authored by Larissa Reis
1 parent 4b3b5d07

Escapes html in translations link

  Escapes html so the javascript doesn't break
Showing 1 changed file with 1 additions and 1 deletions
app/helpers/content_viewer_helper.rb
... ... @@ -45,7 +45,7 @@ module ContentViewerHelper
45 45 { article.environment.locales[translation.language] => { :href => url_for(translation.url) } }
46 46 end
47 47 content_tag(:div, link_to(_('Translations'), '#',
48   - :onmouseover => "toggleSubmenu(this, '#{_('Translations')}', #{links.to_json}); return false",
  48 + :onmouseover => "toggleSubmenu(this, '#{_('Translations')}', #{CGI::escape_html(links.to_json)}); return false",
49 49 :class => 'article-translations-menu simplemenu-trigger up'),
50 50 :class => 'article-translations')
51 51 end
... ...
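Review bot: On new line 48, `'#{_('Translations')}'` is still interpolated raw into a single-quoted JavaScript string inside the same `:onmouseover` attribute, so a translated label that contains an apostrophe or a double quote would break the handler in the same way the unescaped JSON did. Only `links.to_json` is passed through `CGI::escape_html`. Consider building the whole handler string first and escaping it once, with the label emitted as a JavaScript literal, for example `_('Translations').to_json` in place of the hand-written quotes, so that both arguments get JavaScript-string encoding followed by HTML-attribute encoding. The commit changes only the helper, so a helper test with a locale name or label containing quotes would help guard against a regression.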