removed the auto_link seems to fix HTML injection, no more autolinking

2010-09-21 11:59:04 -07:00 · 2010-09-21 11:59:04 -07:00 · 1882509a0b
commit 1882509a0b
parent 5ffb5adb65
3 changed files with 3 additions and 3 deletions
--- a/app/views/comments/_comment.html.haml
+++ b/app/views/comments/_comment.html.haml
@ -7,6 +7,6 @@
  = person_image_tag(post.person)
  %span.from
    = link_to post.person.real_name, post.person
-    = auto_link sanitize post.text
+    = post.text
  %div.time
    = "#{time_ago_in_words(post.updated_at)} #{t('.ago')}"
--- a/app/views/status_messages/_status_message.html.haml
+++ b/app/views/status_messages/_status_message.html.haml
@ -10,7 +10,7 @@
  .content
    %span.from
      = link_to post.person.real_name, post.person 
-      = auto_link sanitize post.message
+      = post.message
      
    .info
      %span.time= link_to(how_long_ago(post), object_path(post))
--- a/app/views/status_messages/show.html.haml
+++ b/app/views/status_messages/show.html.haml
@ -5,7 +5,7 @@

 %h1
  = link_to @status_message.person.real_name, @status_message.person
-  = auto_link sanitize @status_message.message
+  = @status_message.message
  

 %h4= "comments (#{@status_message.comments.count})"