[myexperiment-hackers] [3579] trunk/app/views: More XSS fixes

[noreply]

Revision

3579

Author

fbacall

Date

2013-05-31 15:05:26 +0000 (Fri, 31 May 2013)

Log Message

More XSS fixes

Modified Paths

• trunk/app/views/blobs/_table.rhtml
• trunk/app/views/networks/_table.rhtml
• trunk/app/views/packs/_table.rhtml
• trunk/app/views/workflows/_table.rhtml

Diff

Modified: trunk/app/views/blobs/_table.rhtml (3578 => 3579)

--- trunk/app/views/blobs/_table.rhtml	2013-05-31 15:02:58 UTC (rev 3578)
+++ trunk/app/views/blobs/_table.rhtml	2013-05-31 15:05:26 UTC (rev 3579)
@@ -34,7 +34,7 @@
           <a name="<%= blob.local_name.gsub(/ /, "_") %>"></a>
           <p class="title">
             <%= icon "blob", nil, nil, nil, '' %>
-            <% truncated_title = truncate(blob.title, :length => 55) %>
+            <% truncated_title = h(truncate(blob.title, :length => 55)) %>
             <%=link_to(query ? highlight_all(truncated_title, query) : truncated_title, blob_path(blob),
                        :title => blob.title) %>
           </p>

Modified: trunk/app/views/networks/_table.rhtml (3578 => 3579)

--- trunk/app/views/networks/_table.rhtml	2013-05-31 15:02:58 UTC (rev 3578)
+++ trunk/app/views/networks/_table.rhtml	2013-05-31 15:05:26 UTC (rev 3579)
@@ -41,7 +41,7 @@
         <% else %>
           <%= icon "network-member", nil, nil, nil, '' %>
         <% end %>
-        <% truncated_title = truncate(network.title, :length => 45) %>
+        <% truncated_title = h(truncate(network.title, :length => 45)) %>
         <%=link_to(query ? highlight_all(truncated_title, query) : truncated_title, network_path(network),
                    :title => network.title) %>
       </p>

Modified: trunk/app/views/packs/_table.rhtml (3578 => 3579)

--- trunk/app/views/packs/_table.rhtml	2013-05-31 15:02:58 UTC (rev 3578)
+++ trunk/app/views/packs/_table.rhtml	2013-05-31 15:05:26 UTC (rev 3579)
@@ -35,7 +35,7 @@
           <a name="<%= pack.title.gsub(/ /, "_") %>"></a>
           <p class="title">
             <%= icon "pack", nil, nil, nil, '' %>
-            <% truncated_title = truncate(pack.title, :length => 55) %>
+            <% truncated_title = h(truncate(pack.title, :length => 55)) %>
             <%=link_to(query ? highlight_all(truncated_title, query) : truncated_title, pack_path(pack),
                        :title => pack.title) %>
           </p>

Modified: trunk/app/views/workflows/_table.rhtml (3578 => 3579)

--- trunk/app/views/workflows/_table.rhtml	2013-05-31 15:02:58 UTC (rev 3578)
+++ trunk/app/views/workflows/_table.rhtml	2013-05-31 15:05:26 UTC (rev 3579)
@@ -44,7 +44,7 @@
 
           <p class="title">
             <%= icon "workflow", nil, nil, nil, '' %>
-            <% truncated_title = truncate(workflow.title, :length => 45) %>
+            <% truncated_title = h(truncate(workflow.title, :length => 45)) %>
             <%=link_to(query ? highlight_all(truncated_title, query) : truncated_title, workflow_path(workflow),
                        :title => workflow.title) %>
             <span style="font-weight:normal;">