Add html_escape to project description. auto_link set description to html_safe but! dont escape html :(.

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-07-11 00:07:20 +03:00 · 2014-07-11 00:07:20 +03:00 · 1218a5e630
parent a019b49a2b
commit 1218a5e630
1 changed files with 1 additions and 1 deletions
--- a/app/views/projects/_home_panel.html.haml
+++ b/app/views/projects/_home_panel.html.haml
@ -17,7 +17,7 @@
    .col-md-7
      .project-home-desc
        - if @project.description.present?
-          = auto_link @project.description, link: :urls
+          = auto_link ERB::Util.html_escape(@project.description), link: :urls
        - if can?(current_user, :admin_project, @project)
          &ndash;
          %strong= link_to 'Edit', edit_project_path