diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-07-11 01:07:20 +0400 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-07-11 01:07:20 +0400 |
| commit | 1218a5e630f7ca6d1f1bb58d1ad1fef0974c70ad (patch) | |
| tree | 242726ae70a565e6ea5d3446964e79ac4a63d74e /app | |
| parent | a019b49a2b23f1853bf315b2fa6a803e8a05c011 (diff) | |
Add html_escape to project description. auto_link set description to html_safe but! dont escape html :(.
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Diffstat (limited to 'app')
| -rw-r--r-- | app/views/projects/_home_panel.html.haml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/projects/_home_panel.html.haml b/app/views/projects/_home_panel.html.haml index 2a97cb49039..ddf815ebd99 100644 --- a/app/views/projects/_home_panel.html.haml +++ b/app/views/projects/_home_panel.html.haml @@ -17,7 +17,7 @@ .col-md-7 .project-home-desc - if @project.description.present? - = auto_link @project.description, link: :urls + = auto_link ERB::Util.html_escape(@project.description), link: :urls - if can?(current_user, :admin_project, @project) – %strong= link_to 'Edit', edit_project_path |