prevent xss

10 years ago · 03278b470a
parent 073a6e6c7e
commit 03278b470a
1 changed files with 1 additions and 1 deletions
--- a/app/views/documents/show.html.erb
+++ b/app/views/documents/show.html.erb
@ -31,7 +31,7 @@ See doc/COPYRIGHT.rdoc for more details.
 ++#%>

 <% html_title h(@document.title) -%>
-<%= toolbar title: @document.title, subtitle: "#{@document.category.name} - #{format_date @document.created_on}" do %>
+<%= toolbar title: @document.title, subtitle: "#{h @document.category.name} - #{format_date @document.created_on}" do %>
  <% if authorize_for(:documents, :edit) %>
    <li class="toolbar-item">
      <%= link_to({:controller => '/documents', :action => 'edit', :id => @document}, class: 'button', accesskey: accesskey(:edit)) do %>