22edec5776
Haml's HTML escaping option was not on, leaving the site open for xss attacks. This would seem to fix it.
14 lines
386 B
Ruby
14 lines
386 B
Ruby
# Copyright (c) 2010, Diaspora Inc. This file is
|
|
# licensed under the Affero General Public License version 3. See
|
|
# the COPYRIGHT file.
|
|
|
|
|
|
|
|
# Load the rails application
|
|
require File.expand_path('../application', __FILE__)
|
|
Haml::Template.options[:format] = :html5
|
|
Haml::Template.options[:escape_html] = true
|
|
# Initialize the rails application
|
|
Diaspora::Application.initialize!
|
|
|
|
|