Fix XSS in post thumbnail data attributes.

2017-03-21 17:15:58 -05:00
parent 2aa3f9ceba
commit d1debecd0b
1 changed files with 2 additions and 2 deletions
--- a/app/presenters/post_presenter.rb
+++ b/app/presenters/post_presenter.rb
@@ -88,8 +88,8 @@ class PostPresenter < Presenter
      data-file-url="#{post.file_url}"
      data-large-file-url="#{post.large_file_url}"
      data-preview-file-url="#{post.preview_file_url}"
-      data-source="#{post.source}"
-      data-normalized-source="#{post.normalized_source}"
+      data-source="#{h(post.source}"
+      data-normalized-source="#{h(post.normalized_source)}"
    }.html_safe
  end