added sanitize, fixes #26: Clicking the wiki link withing comments gives a "page does not exist" error

2011-09-13 15:19:07 -04:00
parent 6da2bbde0d
commit a19dd6a69f
5 changed files with 25 additions and 17 deletions
--- a/app/views/notes/_note.html.erb
+++ b/app/views/notes/_note.html.erb
@@ -1 +1 @@
-<%= content_tag(:article, raw(note.body), "data-width" => note.width, "data-height" => note.height, "data-x" => note.x, "data-y" => note.y, "data-id" => note.id) %>
+<%= content_tag(:article, raw(Sanitize.clean(note.body)), "data-width" => note.width, "data-height" => note.height, "data-x" => note.x, "data-y" => note.y, "data-id" => note.id) %>
--- a/app/views/posts/show.html.erb
+++ b/app/views/posts/show.html.erb
@@ -50,7 +50,7 @@
      </menu>

      <section id="comments">
-        <%= render "comments/partials/index/list", :comments => @post.comments, :post => @post, :show_header => false %>
+        <%= render "comments/partials/index/list", :comments => @post.comments.reverse, :post => @post, :show_header => false %>
      </section>

      <section id="notes">