From 07a8fa8bb6cd1ae643c15436ca83826ee7e570a5 Mon Sep 17 00:00:00 2001
From: Daniel Vincent Grippi
Date: Thu, 16 Sep 2010 08:32:19 -0700
Subject: [PATCH] fixed xss bug in comment view partial.
---
 app/views/comments/_comment.html.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/views/comments/_comment.html.haml b/app/views/comments/_comment.html.haml
index 6b6c1dab5..56252c83d 100644
--- a/app/views/comments/_comment.html.haml
+++ b/app/views/comments/_comment.html.haml
@@ -7,6 +7,6 @@
 = person_image_tag(post.person)
 %span.from
 = link_to post.person.real_name, post.person
- = auto_link post.text
+ = auto_link sanitize post.text
 %div.time
 = "#{time_ago_in_words(post.updated_at)} ago"
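Review bot: `sanitize` on the changed line is an allowlist filter rather than an escape, so comment text can still carry whatever tags and attributes the Rails default allowlist permits for the version in use. If comments are meant to be plain text, escaping is the tighter choice, `= auto_link h(post.text)`; if limited markup is intended, pass an explicit `:tags`/`:attributes` allowlist to `sanitize` so the permitted set is visible in the view. No spec accompanies the fix, so a view spec asserting that markup in `post.text` is rendered inert would guard against regression, and any other partial that outputs `post.text` (not visible here) presumably needs the same treatment. The partial begins before line 7, outside the hunk.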