From 7fd475273a4a09e7a10835cca94e6b0dc396c719 Mon Sep 17 00:00:00 2001
From: Adrien Siami <adrien.siami@dimelo.com>
Date: Wed, 21 Aug 2013 15:29:12 +0200
Subject: Escape the message of an exception in debug_exceptions to avoid bad
 rendering

---
 .../lib/action_dispatch/middleware/templates/rescues/diagnostics.erb    | 2 +-
 .../action_dispatch/middleware/templates/rescues/missing_template.erb   | 2 +-
 .../lib/action_dispatch/middleware/templates/rescues/routing_error.erb  | 2 +-
 .../lib/action_dispatch/middleware/templates/rescues/template_error.erb | 2 +-
 .../lib/action_dispatch/middleware/templates/rescues/unknown_action.erb | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'actionpack/lib/action_dispatch/middleware/templates/rescues')

diff --git a/actionpack/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb b/actionpack/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb
index 57a2940802..f154021ae6 100644
--- a/actionpack/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb
+++ b/actionpack/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb
@@ -8,7 +8,7 @@
 </header>
 
 <div id="container">
-  <h2><%= @exception.message %></h2>
+  <h2><%= h @exception.message %></h2>
 
   <%= render template: "rescues/_source" %>
   <%= render template: "rescues/_trace" %>
diff --git a/actionpack/lib/action_dispatch/middleware/templates/rescues/missing_template.erb b/actionpack/lib/action_dispatch/middleware/templates/rescues/missing_template.erb
index ca14215946..5c016e544e 100644
--- a/actionpack/lib/action_dispatch/middleware/templates/rescues/missing_template.erb
+++ b/actionpack/lib/action_dispatch/middleware/templates/rescues/missing_template.erb
@@ -3,5 +3,5 @@
 </header>
 
 <div id="container">
-  <h2><%= @exception.message %></h2>
+  <h2><%= h @exception.message %></h2>
 </div>
diff --git a/actionpack/lib/action_dispatch/middleware/templates/rescues/routing_error.erb b/actionpack/lib/action_dispatch/middleware/templates/rescues/routing_error.erb
index cd3daff065..7e9cedb95e 100644
--- a/actionpack/lib/action_dispatch/middleware/templates/rescues/routing_error.erb
+++ b/actionpack/lib/action_dispatch/middleware/templates/rescues/routing_error.erb
@@ -2,7 +2,7 @@
   <h1>Routing Error</h1>
 </header>
 <div id="container">
-  <h2><%= @exception.message %></h2>
+  <h2><%= h @exception.message %></h2>
   <% unless @exception.failures.empty? %>
     <p>
       <h2>Failure reasons:</h2>
diff --git a/actionpack/lib/action_dispatch/middleware/templates/rescues/template_error.erb b/actionpack/lib/action_dispatch/middleware/templates/rescues/template_error.erb
index 31f46ee340..027a0f5b3e 100644
--- a/actionpack/lib/action_dispatch/middleware/templates/rescues/template_error.erb
+++ b/actionpack/lib/action_dispatch/middleware/templates/rescues/template_error.erb
@@ -10,7 +10,7 @@
   <p>
     Showing <i><%= @exception.file_name %></i> where line <b>#<%= @exception.line_number %></b> raised:
   </p>
-  <pre><code><%= @exception.message %></code></pre>
+  <pre><code><%= h @exception.message %></code></pre>
 
   <div class="source">
     <div class="info">
diff --git a/actionpack/lib/action_dispatch/middleware/templates/rescues/unknown_action.erb b/actionpack/lib/action_dispatch/middleware/templates/rescues/unknown_action.erb
index c1fbf67eed..259fb2bb3b 100644
--- a/actionpack/lib/action_dispatch/middleware/templates/rescues/unknown_action.erb
+++ b/actionpack/lib/action_dispatch/middleware/templates/rescues/unknown_action.erb
@@ -2,5 +2,5 @@
   <h1>Unknown action</h1>
 </header>
 <div id="container">
-  <h2><%= @exception.message %></h2>
+  <h2><%= h @exception.message %></h2>
 </div>
-- 
cgit v1.2.3