Don't run double sanitation on a string.

This messes up legitimate markup returned by sanitize, such as &lt; when
a description contains '<'.
Hans de Graaff 2009-01-02 13:51:49 +01:00
parent f5162ed8da
commit 5cd65d0566


@ -23,7 +23,7 @@ parameters += "&_tag_name=#{@tag_name}" if @source_view == 'tag'
</ul></ul>
<div class="description<%= staleness_class( todo ) %>">
<%= date_span -%>
<span class="todo.descr"><%= h sanitize(todo.description) %></span>
<span class="todo.descr"><%= sanitize(todo.description) %></span>
<%= image_tag_for_recurring_todo(todo) if @todo.from_recurring_todo? %>
<%= tag_list %>
<%= deferred_due_date %>
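Review bot: With `h` dropped, the `todo.descr` span is protected only by the allowlist behind `sanitize`, and that allowlist is not pinned at this call. The allowlist configuration is not visible in this hunk, so it is worth confirming that the defaults admit no more tags and attributes than a todo description needs. Passing the list explicitly would keep the guarantee local, for example `<%= sanitize(todo.description, :tags => %w(a b i em strong), :attributes => %w(href)) %>` (an illustrative list, to be adjusted to what descriptions may contain). A short ERB comment above the line, stating that the output is already escaped by `sanitize` and must be neither wrapped in `h` again nor emitted raw, would stop the next editor from undoing the fix in either direction. The partial continues outside this hunk.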
@ -37,4 +37,9 @@ parameters += "&_tag_name=#{@tag_name}" if @source_view == 'tag'
<div class="placeholder"> </div>
<% end -%>
</div>
</div>
<<<<<<< HEAD:app/views/todos/_todo.html.erb
</div>
=======
</div>
<%= apply_behaviour ".date_clear:click","var selector_x = this.getAttribute('id').replace('_x', ''); $(selector_x).value='';" %>
>>>>>>> Don't run double sanitation on a string.:app/views/todos/_todo.html.erb
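Review bot: Unresolved merge-conflict markers are committed at the end of this template: the `<<<<<<< HEAD:app/views/todos/_todo.html.erb`, `=======` and `>>>>>>> …` lines. ERB will emit them as literal text in every rendered todo, and because both sides' `</div>` are kept the markup likely ends up with one closing tag too many. Resolve the conflict before this lands, keeping a single `</div>`. The `apply_behaviour ".date_clear:click", …` line looks unrelated to the sanitize fix, so it should stay only if it was meant to be part of this change; otherwise it belongs in its own commit.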