author | Philip Arndt <parndt@gmail.com> | 2012-08-17 08:27:29 -0700 |
---|---|---|
committer | Philip Arndt <parndt@gmail.com> | 2012-08-17 08:27:29 -0700 |
commit | 06fe63e5f02dc98c0573d497cad145538db97bf2 (patch) | |
tree | e309d3eec908a1de3204866409a2cbe84d38ec5a /app | |
parent | 9e58e35cf26deb13ef3054cab9a35c76827a448d (diff) | |
parent | 9883c149e539cf4700ad2d9cf33ee012dd3bd750 (diff) | |
Merge pull request #266 from Nethemba/for_purists
escape title and tags in templates
Diffstat (limited to 'app')
-rw-r--r-- | app/views/refinery/blog/posts/_nav.html.erb | 4 | ||||
-rw-r--r-- | app/views/refinery/blog/posts/tagged.html.erb | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/app/views/refinery/blog/posts/_nav.html.erb b/app/views/refinery/blog/posts/_nav.html.erb
index eafd35e..9e87e6e 100644
--- a/app/views/refinery/blog/posts/_nav.html.erb
+++ b/app/views/refinery/blog/posts/_nav.html.erb
@@ -1,6 +1,6 @@
 <nav id="next_prev_article">
 <% if @post.next.present? -%>
- <%= link_to (truncate(@post.next.title) + " »").html_safe,
+ <%= link_to (h(truncate(@post.next.title)) + " »").html_safe,
 refinery.blog_post_path(@post.next),
 :class => 'next' %>
 <% end -%>
@@ -10,7 +10,7 @@
 :class => 'home' %>
 <% if @post.prev.present? -%>
- <%= link_to ("« " + truncate(@post.prev.title)).html_safe,
+ <%= link_to ("« " + h(truncate(@post.prev.title))).html_safe,
 refinery.blog_post_path(@post.prev),
 :class => 'prev' %>
 <% end -%>
diff --git a/app/views/refinery/blog/posts/tagged.html.erb b/app/views/refinery/blog/posts/tagged.html.erb
index c22e55b..89e1415 100644
--- a/app/views/refinery/blog/posts/tagged.html.erb
+++ b/app/views/refinery/blog/posts/tagged.html.erb
@@ -1,6 +1,6 @@
 <% content_for :title, "#{t('.posts_tagged')} '#{@tag_name.titleize}'" %>
-<% content_for :body_content_title, "#{t('.posts_tagged')} “#{@tag_name.titleize}”".html_safe -%>
+<% content_for :body_content_title, "#{t('.posts_tagged')} “#{h(@tag_name.titleize)}”".html_safe -%>
 <% content_for :body do %>
 <% if @posts.any? %>
|
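Review bot: The `.html_safe` kept on the added `link_to` line is now redundant and is the part that silently reopens the injection if a later edit drops the `h()` call, because `h()` already returns an html-safe buffer and `link_to` escapes a non-safe link text on its own. The second hunk (the `prev` link) has the same pattern. Escaping after `truncate`, as done here, is the right order, since escaping first could let the cut land inside an entity. A form that stays safe without a manual escape is `<%= link_to truncate(@post.next.title) + " »",`, leaving the escaping to `link_to`; and if the app is ever moved onto a Rails where `truncate` escapes by default (it gained an `escape:` option in Rails 4), the `h()` here would double-escape the title, which is worth a one-line comment at this call.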
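Review bot: On the added `body_content_title` line the tag name is escaped with `h()`, but the whole interpolated string is still marked `.html_safe`, so anything else interpolated into that string later bypasses escaping, and the manual `h()` is what keeps the line correct rather than the framework. Since `content_for` appends into a SafeBuffer, which escapes non-safe content, the simpler and more robust form drops both the `h()` and the `.html_safe`: `<% content_for :body_content_title, "#{t('.posts_tagged')} “#{@tag_name.titleize}”" -%>`, which is also how the `:title` line just above already works. Keeping `h()` while removing only `.html_safe` would double-escape, so both must go together; the curly quotes in the literal are not affected by HTML escaping, so nothing there needed `.html_safe`. This hunk's final context line may lie beyond what is shown here.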