jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #2274 from evazion/xss/pool-gallery

Browse Source 
Fix XSS in pool names in /pools/gallery page.
This commit is contained in:
Albert Yi
2014-10-17 14:33:48 -07:00
parent 6d68f1357e 22c624c356
commit 4249f528f9
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/presenters/post_presenter.rb
View File

@@ -27,7 +27,7 @@ class PostPresenter < Presenter
if options[:pool]
html << %{<p class="desc">}
html << %{<a href="/pools/#{options[:pool].id}">}
html << options[:pool].pretty_name.truncate(80)
html << h(options[:pool].pretty_name.truncate(80))
html << %{</a>}
html << %{</p>}
end