author | Marek Labos <keraml@gmail.com> | 2012-08-17 16:42:47 +0200 |
---|---|---|
committer | Marek Labos <keraml@gmail.com> | 2012-08-17 16:42:47 +0200 |
commit | 9883c149e539cf4700ad2d9cf33ee012dd3bd750 (patch) | |
tree | e309d3eec908a1de3204866409a2cbe84d38ec5a /app/views/refinery/blog/posts/_nav.html.erb | |
parent | 9e58e35cf26deb13ef3054cab9a35c76827a448d (diff) | |
escape title and tags in templates
Diffstat (limited to 'app/views/refinery/blog/posts/_nav.html.erb')
-rw-r--r-- | app/views/refinery/blog/posts/_nav.html.erb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/views/refinery/blog/posts/_nav.html.erb b/app/views/refinery/blog/posts/_nav.html.erb
index eafd35e..9e87e6e 100644
--- a/app/views/refinery/blog/posts/_nav.html.erb
+++ b/app/views/refinery/blog/posts/_nav.html.erb
@@ -1,6 +1,6 @@
 <nav id="next_prev_article">
 <% if @post.next.present? -%>
- <%= link_to (truncate(@post.next.title) + " »").html_safe,
+ <%= link_to (h(truncate(@post.next.title)) + " »").html_safe,
 refinery.blog_post_path(@post.next),
 :class => 'next' %>
 <% end -%>
@@ -10,7 +10,7 @@
 :class => 'home' %>
 <% if @post.prev.present? -%>
- <%= link_to ("« " + truncate(@post.prev.title)).html_safe,
+ <%= link_to ("« " + h(truncate(@post.prev.title))).html_safe,
 refinery.blog_post_path(@post.prev),
 :class => 'prev' %>
 <% end -%> |
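Review bot: The `.html_safe` call still wraps the whole concatenation in both hunks (the next link and the prev link), so the output is only safe while every operand inside the parentheses has been passed through `h` by hand. Anything appended there later would be rendered unescaped. Marking only the fixed decoration as safe keeps the title on the normal escaping path, for example `link_to h(truncate(@post.next.title)) + " »".html_safe,` and `link_to "« ".html_safe + h(truncate(@post.prev.title)),`. If the arrow is a literal character rather than an entity, as it appears on this page, `.html_safe` could probably be dropped altogether, provided the Rails version in use escapes link text itself. Truncating before escaping is the right order, since the reverse can cut an entity in half, and a short template comment saying so would help keep it that way.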