nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Adding Haml html escaping.

Browse source 
Haml's HTML escaping option was not on, leaving the site open for xss
attacks. This would seem to fix it.
This commit is contained in:
Steve Klabnik 2010-09-17 06:39:51 +08:00 committed by Maxwell Salzberg
parent dea0912c28
commit 22edec5776
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
config/environment.rb
View file

@ -7,6 +7,7 @@
# Load the rails application # Load the rails application
require File.expand_path('../application', __FILE__) require File.expand_path('../application', __FILE__)
Haml::Template.options[:format] = :html5 Haml::Template.options[:format] = :html5
Haml::Template.options[:escape_html] = true
# Initialize the rails application # Initialize the rails application
Diaspora::Application.initialize! Diaspora::Application.initialize!