removed the auto_link seems to fix HTML injection, no more autolinking

ilya 2010-09-21 11:59:04 -07:00
parent 5ffb5adb65
commit 1882509a0b
3 changed files with 3 additions and 3 deletions


@ -7,6 +7,6 @@
= person_image_tag(post.person) = person_image_tag(post.person)
%span.from %span.from
= link_to post.person.real_name, post.person = link_to post.person.real_name, post.person
= auto_link sanitize post.text = post.text
%div.time %div.time
= "#{time_ago_in_words(post.updated_at)} #{t('.ago')}" = "#{time_ago_in_words(post.updated_at)} #{t('.ago')}"
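Review bot: The new `= post.text` line is safe only if Haml escapes `=` output by default, and nothing in this section shows that setting; with `escape_html` off, dropping `sanitize` would leave the post body rendered as raw HTML. Writing it as `&= post.text` makes the escaping explicit, so the view stays safe regardless of configuration. The same applies to `= post.message` and `= @status_message.message` in the two sections below. Because the commit message says the change only "seems to" fix the injection, a view test that renders a post containing markup and asserts the output is entity-escaped would confirm it and guard against regressions if auto-linking is reintroduced later.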


@ -10,7 +10,7 @@
.content .content
%span.from %span.from
= link_to post.person.real_name, post.person = link_to post.person.real_name, post.person
= auto_link sanitize post.message = post.message
.info .info
%span.time= link_to(how_long_ago(post), object_path(post)) %span.time= link_to(how_long_ago(post), object_path(post))


@ -5,7 +5,7 @@
%h1 %h1
= link_to @status_message.person.real_name, @status_message.person = link_to @status_message.person.real_name, @status_message.person
= auto_link sanitize @status_message.message = @status_message.message
%h4= "comments (#{@status_message.comments.count})" %h4= "comments (#{@status_message.comments.count})"