Adding Haml html escaping.
Haml's HTML escaping option was not on, leaving the site open for xss attacks. This would seem to fix it.
This commit is contained in:
Steve Klabnik
Maxwell Salzberg
parent
dea0912c28
commit
22edec5776
1 changed files with 1 additions and 0 deletions
|
|
@ -7,6 +7,7 @@
|
|||
# Load the rails application
|
||||
require File.expand_path('../application', __FILE__)
|
||||
Haml::Template.options[:format] = :html5
|
||||
Haml::Template.options[:escape_html] = true
|
||||
# Initialize the rails application
|
||||
Diaspora::Application.initialize!
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue