author | Jonne Haß <me@mrzyx.de> | 2014-08-30 22:04:36 +0400 |
---|---|---|
committer | Jonne Haß <me@mrzyx.de> | 2014-08-30 22:06:03 +0400 |
commit | 5d549f553b488c7e71f11f6a5ae4d15ec1b37fa3 (patch) | |
tree | 9f414c04d56c65d1d4f2b333481d47665a08bda8 /app | |
parent | 5a4697e2544a76c2d59ae5c3351a28c9d2b7febc (diff) |
Escape person name in contacts json
jQuery autoSuggest uses .html to insert it into the DOM
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/conversations_controller.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/conversations_controller.rb b/app/controllers/conversations_controller.rb
index 180c42bf6..8322cfb3c 100644
--- a/app/controllers/conversations_controller.rb
+++ b/app/controllers/conversations_controller.rb
@@ -85,7 +85,7 @@ class ConversationsController < ApplicationController
 all_contacts_and_ids = Contact.connection.select_rows(
 current_user.contacts.where(:sharing => true).joins(:person => :profile).
 select("contacts.id, profiles.first_name, profiles.last_name, people.diaspora_handle").to_sql
- ).map{|r| {:value => r[0], :name => Person.name_from_attrs(r[1], r[2], r[3]).gsub(/(")/, "'")} }
+ ).map{|r| {:value => r[0], :name => ERB::Util.h(Person.name_from_attrs(r[1], r[2], r[3]).gsub(/(")/, "'"))} }
 @contact_ids = "" |
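Review bot: The `ERB::Util.h` call on the added `.map` line encodes `:name` for one specific sink (the client-side `.html()` insert named in the commit message), but nothing at the call site records that, so a later cleanup could remove it, or another consumer could treat `:name` as plain text and display entities. A comment directly above the `.map` line would pin the intent, e.g. `# :name is HTML-escaped here because jQuery autoSuggest inserts it with .html()`. The inner `.gsub(/(")/, "'")` now looks redundant, since `h` already encodes double quotes; whether anything downstream still depends on it is not visible in this hunk. The enclosing method begins and ends outside the hunk, so how `all_contacts_and_ids` is serialized into the page cannot be checked from here.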