jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #2275 from evazion/xss/artist-history

Browse Source 
Fix XSS in /artist_versions.
This commit is contained in:
Albert Yi
2014-10-17 14:33:59 -07:00
parent 4249f528f9 de289ee5d3
commit b9208b9834
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/helpers/artist_versions_helper.rb
View File

@@ -3,13 +3,13 @@ module ArtistVersionsHelper
diff = artist_version.other_names_diff(artist_version.previous) diff = artist_version.other_names_diff(artist_version.previous)
html = [] html = []
diff[:added_names].each do |name| diff[:added_names].each do |name|
html << '<ins>' + name + '</ins>' html << '<ins>' + h(name) + '</ins>'
end end
diff[:removed_names].each do |name| diff[:removed_names].each do |name|
html << '<del>' + name + '</del>' html << '<del>' + h(name) + '</del>'
end end
diff[:unchanged_names].each do |name| diff[:unchanged_names].each do |name|
html << '<span>' + name + '</span>' html << '<span>' + h(name) + '</span>'
end end
return html.join(" ").html_safe return html.join(" ").html_safe
end end
@@ -18,13 +18,13 @@ module ArtistVersionsHelper
diff = artist_version.urls_diff(artist_version.previous) diff = artist_version.urls_diff(artist_version.previous)
html = [] html = []
diff[:added_urls].each do |url| diff[:added_urls].each do |url|
html << '<li><ins>' + url + '</ins></li>' html << '<li><ins>' + h(url) + '</ins></li>'
end end
diff[:removed_urls].each do |url| diff[:removed_urls].each do |url|
html << '<li><del>' + url + '</del></li>' html << '<li><del>' + h(url) + '</del></li>'
end end
diff[:unchanged_urls].each do |url| diff[:unchanged_urls].each do |url|
html << '<li><span>' + url + '</span></li>' html << '<li><span>' + h(url) + '</span></li>'
end end
return html.join(" ").html_safe return html.join(" ").html_safe
end end