 |
Fix HTML escaping properly - warvox - VoIP based wardialing tool, forked from r… |
 |
Log |
|
Files |
|
Refs |
|
README |
|
--- |
|
commit 70379df629033bdd61080eba61894c2e9b745c62 |
|
parent aee6346ab4227e65a5cc0cf26636bd465e72a5cd |
 |
Author: HD Moore <[email protected]> |
|
Date: Tue, 1 Jan 2013 21:16:42 -0600 |
|
|
|
Fix HTML escaping properly |
|
|
|
Diffstat: |
|
M app/helpers/application_helper.rb | 10 +++++----- |
|
M app/views/jobs/index.html.erb | 2 +- |
|
M app/views/layouts/application.html… | 4 ++-- |
|
|
|
3 files changed, 8 insertions(+), 8 deletions(-) |
|
--- |
|
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper… |
|
@@ -28,11 +28,11 @@ module ApplicationHelper |
|
|
|
ttip = raw("<div class='task_args_formatted'>") |
|
info.each_pair do |k,v| |
|
- ttip << raw("<div class='task_args_var'>") + k… |
|
- ttip << raw("<div class='task_args_val'>") + v… |
|
+ ttip << raw("<div class='task_args_var'>") + h… |
|
+ ttip << raw("<div class='task_args_val'>") + h… |
|
end |
|
ttip << raw("</div>\n") |
|
- outp = raw("<a href='#' rel='tooltip' title=\"#{ttip}\… |
|
+ outp = raw("<a href='#' rel='tooltip' title=\"#{ttip}\… |
|
outp |
|
rescue ::Exception => e |
|
job.status.to_s.capitalize |
|
@@ -42,8 +42,8 @@ module ApplicationHelper |
|
def format_job_status(job) |
|
case job.status |
|
when 'error' |
|
- ttip = job.error.to_s.html_safe |
|
- outp = raw("<a href='#' rel='tooltip' title=\"#{ttip}\… |
|
+ ttip = h(job.error.to_s) |
|
+ outp = raw("<a href='#' rel='tooltip' title=\"#{ttip}\… |
|
outp |
|
else |
|
job.status.to_s.capitalize |
|
diff --git a/app/views/jobs/index.html.erb b/app/views/jobs/index.html.erb |
|
@@ -90,7 +90,7 @@ |
|
<td><%= format_job_status(job) %></td> |
|
<td><%= job.created_at.localtime.strftime("%Y-%m-%d %H:%M:%S %Z") %></td> |
|
<td><%= job.completed_at ? job.completed_at.localtime.strftime("%Y-%m-%d %… |
|
- <td><%= link_to( truncate(job.project.name, :length => 25).html_safe, proj… |
|
+ <td><%= link_to( h(truncate(job.project.name, :length => 25)), project_pat… |
|
</tr> |
|
<% end %> |
|
</table> |
|
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/applica… |
|
@@ -36,7 +36,7 @@ |
|
<%= link_to( |
|
raw( |
|
'<i class="icon-chevro… |
|
- truncate(@project.name… |
|
+ h(truncate(@project.na… |
|
' <i class="icon-chevr… |
|
</li> |
|
<%= menu_item "Results", calls_path(@project) … |
|
@@ -53,7 +53,7 @@ |
|
<%= drop_down_divider %> |
|
<%= drop_down_header "Recent P… |
|
<% Project.find(:all, :order =… |
|
- <%= menu_item raw('<i … |
|
+ <%= menu_item raw('<i … |
|
<% end %> |
|
<% end %> |
|
<% end %> |
