Add html_escape to project description. auto_link sets description to html_safe but! doesn't escape html :(.
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
parent
a019b49a2b
commit
1218a5e630
|
@ -17,7 +17,7 @@
|
|||
.col-md-7
|
||||
.project-home-desc
|
||||
- if @project.description.present?
|
||||
= auto_link @project.description, link: :urls
|
||||
= auto_link ERB::Util.html_escape(@project.description), link: :urls
|
||||
- if can?(current_user, :admin_project, @project)
|
||||
–
|
||||
%strong= link_to 'Edit', edit_project_path
|
||||
|
|
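Review bot: the escaping on the changed `= auto_link ERB::Util.html_escape(@project.description), link: :urls` line lives only in this one template, and the visible change adds no spec for it. Any other view that passes `@project.description` to `auto_link` would need the same wrapping, so consider moving the escape-then-link step into a single helper and calling that helper here. A view or feature spec that saves a description containing markup and asserts the page shows it as literal text, with URLs still linked, would keep a later edit to this line from silently bringing the unescaped output back.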