From 22edec57766356cdc3d73740b65a557d2a6f57bd Mon Sep 17 00:00:00 2001 From: Steve Klabnik Date: Fri, 17 Sep 2010 06:39:51 +0800 Subject: [PATCH] Adding Haml html escaping. Haml's HTML escaping option was not on, leaving the site open for xss attacks. This would seem to fix it. --- config/environment.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/config/environment.rb b/config/environment.rb index dc11087dd..385a96651 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -7,6 +7,7 @@ # Load the rails application require File.expand_path('../application', __FILE__) Haml::Template.options[:format] = :html5 +Haml::Template.options[:escape_html] = true # Initialize the rails application Diaspora::Application.initialize!
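Review bot: the one-line change `+Haml::Template.options[:escape_html] = true` turns on escaping for every `=` in every Haml view, which is the right default, but the patch touches no views and adds no test, so any existing template that relies on `= some_html_string` to emit raw markup will now render literal entities. Before merging, grep the `.haml` views for places that intentionally output markup and switch them to `!=` or mark the value `html_safe`, and add a view or integration test that renders user-supplied content such as `<script>` and asserts it arrives as `&lt;script&gt;`, so the "would seem to fix it" in the commit message becomes a verified fix. The placement in config/environment.rb is fine: it sits beside the existing `Haml::Template.options[:format] = :html5` line and runs before `Diaspora::Application.initialize!`, so the option is in effect when templates are compiled.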