fix XSS vunerability. Thanks Mesut Timur for spotting this!

2026-01-01 06:48:49 +01:00 · 2011-03-11 15:14:45 +01:00 · 2011-03-11 15:14:45 +01:00 · c94d1f58b2
commit c94d1f58b2
parent 7bb4a01f20
1 changed files with 2 additions and 2 deletions
--- a/app/controllers/todos_controller.rb
+++ b/app/controllers/todos_controller.rb
@ -517,7 +517,7 @@ class TodosController < ApplicationController
  def tag
    init_data_for_sidebar unless mobile?
    @source_view = params['_source_view'] || 'tag'
-    @tag_name = params[:name]
+    @tag_name = sanitize(params[:name]) # sanitize to prevent XSS vunerability!
    @page_title = t('todos.tagged_page_title', :tag_name => @tag_name)
    
    # mobile tags are routed with :name ending on .m. So we need to chomp it
@ -1334,4 +1334,4 @@ class TodosController < ApplicationController
          
  end

-end
+end