From 76f856ad49aa96224aaa646d49351c98be74f12a Mon Sep 17 00:00:00 2001
From: Larissa Reis
Date: Sat, 17 Jan 2015 22:06:40 -0300
Subject: [PATCH] Escapes html in translations link

---
 app/helpers/content_viewer_helper.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/helpers/content_viewer_helper.rb b/app/helpers/content_viewer_helper.rb
index 27a4141..696cebf 100644
--- a/app/helpers/content_viewer_helper.rb
+++ b/app/helpers/content_viewer_helper.rb
@@ -45,7 +45,7 @@ module ContentViewerHelper
 { article.environment.locales[translation.language] => { :href => url_for(translation.url) } }
 end
 content_tag(:div, link_to(_('Translations'), '#',
- :onmouseover => "toggleSubmenu(this, '#{_('Translations')}', #{links.to_json}); return false",
+ :onmouseover => "toggleSubmenu(this, '#{_('Translations')}', #{CGI::escape_html(links.to_json)}); return false",
 :class => 'article-translations-menu simplemenu-trigger up'),
 :class => 'article-translations')
 end
--
libgit2 0.21.2
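Review bot: The translated label on the changed `:onmouseover` line is still interpolated raw into a single-quoted JavaScript string (`'#{_('Translations')}'`), so only the `links` JSON is encoded; a translation containing an apostrophe or markup would break or alter the handler. Encoding the label the same way keeps both arguments consistent: `#{CGI::escape_html(_('Translations').to_json)}` in place of the quoted interpolation. It is also worth confirming whether `link_to` already HTML-escapes attribute values in the Rails version in use, since escaping twice would corrupt the JSON; this cannot be determined from the hunk. The diffstat shows no test change, so a helper test asserting the rendered attribute for a locale name or URL that contains quotes would pin the fix. The enclosing method starts outside the hunk.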