diff options
author | Robert Speicher <robert@gitlab.com> | 2015-12-25 01:19:36 +0300 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2015-12-25 01:20:02 +0300 |
commit | 476f6238b9b8f6541304c952a5b4250b1573380e (patch) | |
tree | ea341ee86d909c04f8996d5215a8b2cb439e78f3 /lib/banzai/filter/reference_filter.rb | |
parent | 8c208a90eb84e44ff30b1c1ddf5234edf22d62fa (diff) |
Merge branch 'ref-filter-html' into 'master'
Escape all the things.
See merge request !2209
Diffstat (limited to 'lib/banzai/filter/reference_filter.rb')
-rw-r--r-- | lib/banzai/filter/reference_filter.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/banzai/filter/reference_filter.rb b/lib/banzai/filter/reference_filter.rb index 33457a3f361..a22a7a7afd3 100644 --- a/lib/banzai/filter/reference_filter.rb +++ b/lib/banzai/filter/reference_filter.rb @@ -44,11 +44,11 @@ module Banzai # Returns a String def data_attribute(attributes = {}) attributes[:reference_filter] = self.class.name.demodulize - attributes.map { |key, value| %Q(data-#{key.to_s.dasherize}="#{value}") }.join(" ") + attributes.map { |key, value| %Q(data-#{key.to_s.dasherize}="#{escape_once(value)}") }.join(" ") end def escape_once(html) - ERB::Util.html_escape_once(html) + html.html_safe? ? html : ERB::Util.html_escape_once(html) end def ignore_parents |