mirror of
https://github.com/TracksApp/tracks.git
synced 2026-02-26 00:54:08 +01:00
Sanitize output well, but entity-ize < and > in notes
Coming from a rich message or API call, notes can contain HTML and it will render to the browser. Coming from a normal todo creation, though, all < and > characters will be replaced with the corresponding entities. This preserves HTML emails, but prevents users from breaking the layout by entering broken HTML for todo notes. Closes #765
parent fdba48c769
commit 68701adaca
3 changed files with 17 additions and 4 deletions
@ -23,6 +23,7 @@ Rails::Initializer.run do |config|
config.gem "RedCloth"
config.gem "soap4r", :lib => false
config.gem 'datanoise-actionwebservice', :lib => 'actionwebservice'
config.gem 'sanitize'

config.action_controller.use_accept_header = true

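Review bot: the added `config.gem 'sanitize'` declares the dependency without a `:version`, so the HTML whitelist that the commit message relies on for rich-message and API notes will be whatever Sanitize release happens to be installed at boot; since this gem now sits between user-supplied HTML and the rendered page, pin it to the release that was tested, e.g. `config.gem 'sanitize', :version => '<tested version>'` (version is a placeholder, none is given on the page). This hunk only declares the gem; the call sites that choose between Sanitize and entity-izing `<` and `>` are in the two other changed files, which are not shown here, so the sanitization config they pass cannot be reviewed from this hunk.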