Commit ae454ce9f710a19295ad08d2b09335dc2c43cdd4
Committed by
Antonio Terceiro
1 parent
62912d1e
ActionItem1245: not allowing javascript
* on header/footer
* on articles
* on events
Showing
3 changed files
with
4 additions
and
1 deletions
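--- a/app/models/article.rb
+++ b/app/models/article.rb
@@ -26,6 +26,8 @@ class Article < ActiveRecord::Base
 article.published_at = article.created_at if article.published_at.nil?
 end
 
+xss_terminate :only => [ :name ]
+
 def self.human_attribute_name(attrib)
 case attrib.to_sym
 when :name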
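Review bot: The new `xss_terminate :only => [ :name ]` only takes effect when an article is next saved, so names already stored in the database are not cleaned by this commit; the same applies to the event and profile attributes added in the other two files, so a one-off re-save of existing rows (or escaping at render time) is needed if stored data may already carry markup. I am assuming the plugin hooks a save callback, which is not visible here. Since Event < Article declares its own xss_terminate in the next file, it is worth confirming that the subclass declaration adds to rather than replaces this one, so `name` is still stripped for events. A short comment would record the intent: `# titles are plain text: strip every tag from name`.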
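--- a/app/models/event.rb
+++ b/app/models/event.rb
@@ -6,7 +6,7 @@ class Event < Article
 settings_items :link, :type => :string
 settings_items :address, :type => :string
 
-xss_terminate :only => [ :description ], :with => 'white_list'
+xss_terminate :only => [ :description, :link, :address ], :with => 'white_list'
 
 validates_presence_of :title, :start_date
 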
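Review bot: Adding `:link` to a white-list tag sanitizer does not make the value safe to use as a URL: the sanitizer removes markup, and a bare `link` string contains none, so a non-http scheme such as `javascript:` passes through unchanged and, if the view emits the value as an href, is rendered as-is. If that is how `link` is used, a scheme check belongs next to the existing validations, e.g. `validates_format_of :link, :with => %r{\Ahttps?://}i, :allow_blank => true` (relax it if relative links are expected). `address` is free text, so `white_list` fits it; the rest of the class is outside the hunk.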
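--- a/app/models/profile.rb
+++ b/app/models/profile.rb
@@ -269,6 +269,7 @@ class Profile < ActiveRecord::Base
 end
 
 xss_terminate :only => [ :name, :nickname, :address, :contact_phone ]
+xss_terminate :only => [ :custom_footer, :custom_header ], :with => 'white_list'
 
 # returns the contact email for this profile.
 #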
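Review bot: The two adjacent xss_terminate declarations use different strategies (strip everything for name/nickname/address/contact_phone, `white_list` for custom_footer/custom_header) without saying why, which invites a later editor to merge them into one call; a comment on the new line would prevent that: `# header/footer are user-authored HTML: keep the white-listed tag subset instead of stripping all markup`. Declaring xss_terminate twice presumably accumulates options in this version of the plugin; that is worth confirming, because with replace semantics the first declaration would be silently lost.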