Escape every title in the home page

Antonio Terceiro
1 parent 8a0549d3
Showing 1 changed file with 4 additions and 4 deletions Show diff stats
app/views/home/index.rhtml
@@ -9,7 +9,7 @@
       <% @highlighted_news.each_with_index do |highlighted, index| %>
         <div class='highlighted-news-item post-<%= index + 1 %>'>
           <div class='highlighted-news-item post-<%= index + 1 %>-inner'>
-            <h2><%= link_to(highlighted.title, highlighted.url, :class => 'post-title') %></h2>
+            <h2><%= link_to(h(highlighted.title), highlighted.url, :class => 'post-title') %></h2>
             <span class="post-date"><%= show_date(highlighted.published_at, true) %> </span>
             <p class='headline'><%= !highlighted.abstract.blank? ? highlighted.abstract : highlighted.first_paragraph %></p>
             <p class='highlighted-news-read-more'>
@@ -28,7 +28,7 @@
         <% @portal_news.each do |news| %>
           <li>
           <span class="post-date"><%= show_date(news.published_at, true) %> </span>
-          <%= link_to(news.title, news.url, :class =>  'post-title' ) %>
+          <%= link_to(h(news.title), news.url, :class =>  'post-title' ) %>
           </li>
         <% end %>
       </ul>
@@ -40,10 +40,10 @@
       <% content_tag(:div, :class => ["news-area", ['even', 'odd'][i%2]].join(' ')) do %>
         <% content_tag(:div, :class => 'news-area-inner-1') do %>
           <% content_tag(:div, :class => 'news-area-inner-2') do %>
-            <h3><%= link_to folder.title, folder.url %></h3>
+            <h3><%= link_to h(folder.title), folder.url %></h3>
             <ul>
               <% folder.news(environment.news_amount_by_folder).each do |news| %>
-                <li> <%= link_to(news.title, news.url) %></li>
+                <li> <%= link_to(h(news.title), news.url) %></li>
               <% end%>
             </ul>
             <%= link_to _('View more'), folder.url, :class => 'news-see-more'  %>
...	...	@@ -9,7 +9,7 @@
9	9	<% @highlighted_news.each_with_index do \|highlighted, index\| %>
10	10	<div class='highlighted-news-item post-<%= index + 1 %>'>
11	11	<div class='highlighted-news-item post-<%= index + 1 %>-inner'>
12		- <h2><%= link_to(highlighted.title, highlighted.url, :class => 'post-title') %></h2>
	12	+ <h2><%= link_to(h(highlighted.title), highlighted.url, :class => 'post-title') %></h2>
13	13	<span class="post-date"><%= show_date(highlighted.published_at, true) %> </span>
14	14	<p class='headline'><%= !highlighted.abstract.blank? ? highlighted.abstract : highlighted.first_paragraph %></p>
15	15	<p class='highlighted-news-read-more'>
...	...	@@ -28,7 +28,7 @@
28	28	<% @portal_news.each do \|news\| %>
29	29	<li>
30	30	<span class="post-date"><%= show_date(news.published_at, true) %> </span>
31		- <%= link_to(news.title, news.url, :class => 'post-title' ) %>
	31	+ <%= link_to(h(news.title), news.url, :class => 'post-title' ) %>
32	32	</li>
33	33	<% end %>
34	34	</ul>
...	...	@@ -40,10 +40,10 @@
40	40	<% content_tag(:div, :class => ["news-area", ['even', 'odd'][i%2]].join(' ')) do %>
41	41	<% content_tag(:div, :class => 'news-area-inner-1') do %>
42	42	<% content_tag(:div, :class => 'news-area-inner-2') do %>
43		- <h3><%= link_to folder.title, folder.url %></h3>
	43	+ <h3><%= link_to h(folder.title), folder.url %></h3>
44	44	<ul>
45	45	<% folder.news(environment.news_amount_by_folder).each do \|news\| %>
46		- <li> <%= link_to(news.title, news.url) %></li>
	46	+ <li> <%= link_to(h(news.title), news.url) %></li>
47	47	<% end%>
48	48	</ul>
49	49	<%= link_to _('View more'), folder.url, :class => 'news-see-more' %>
...	...