Don't run double sanitation on a string.

This messes up legitimate markup returned by sanitize, such as < when a description contains '<'. Signed-off-by: bsag <butshesagirl@rousette.org.uk>
2025-12-26 20:08:51 +01:00 · 2009-01-02 20:51:49 +08:00 · 2009-01-02 20:51:49 +08:00 · b95e02e726
commit b95e02e726
parent 6017c5d2ed
1 changed files with 2 additions and 2 deletions
--- a/app/views/todos/_todo.html.erb
+++ b/app/views/todos/_todo.html.erb
@ -13,7 +13,7 @@
    <div class="description<%= staleness_class( todo ) %>">
      <% unless @todo.completed? %><span class="defer-container"><%= defer_link(1) %> <%= defer_link(7) %></span><% end %>
      <%= date_span -%>
-      <span class="todo.descr"><%= h sanitize(todo.description) %></span>
+      <span class="todo.descr"><%= sanitize(todo.description) %></span>
      <%= link_to(
        image_tag("recurring16x16.png"),
        {:controller => "recurring_todos", :action => "index"},
@ -31,4 +31,4 @@
    <% end -%>
  </div>
 </div>
-<%=  apply_behaviour ".date_clear:click","var selector_x = this.getAttribute('id').replace('_x', ''); $(selector_x).value='';" %>
+<%=  apply_behaviour ".date_clear:click","var selector_x = this.getAttribute('id').replace('_x', ''); $(selector_x).value='';" %>