forked from OpenNeo/impress
fix petpage export item name filtering
The "Abominable Snowball Winter Onesie" can get blocked for including the string " On". So, we meant to filter that to " O<b></b>n" so that the filter wouldn't return that false positive on an XSS attempt, but were accidentally filtering it to " o<b></b&;gtn". Fixed :)
parent
c46d7ae2c0
commit
5218b43df4
1 changed files with 1 additions and 1 deletions
|
@ -77,7 +77,7 @@ module ClosetHangersHelper
|
||||||
end
|
end
|
||||||
|
|
||||||
def petpage_item_name(item)
|
def petpage_item_name(item)
|
||||||
item.name.gsub(/ on/i, ' o<b></b>n')
|
item.name.gsub(/ On/i, ' O<b></b>n').html_safe
|
||||||
end
|
end
|
||||||
|
|
||||||
PETPAGE_IMAGE_URL_BLACKLIST = %w(window. ondrop)
|
PETPAGE_IMAGE_URL_BLACKLIST = %w(window. ondrop)
|
||||||
|
|
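Review bot: On the added line in `petpage_item_name`, `.html_safe` is applied to the result of `item.name.gsub(...)` without escaping `item.name` first, so any markup already present in an item name would reach the petpage export unescaped. Escape the name before inserting the tag, for example `ERB::Util.html_escape(item.name).gsub(/ On/i, ' O<b></b>n').html_safe`, so that only the inserted `<b></b>` is trusted. Separately, the pattern keeps the `/i` flag while the replacement hard-codes a capital "O", so a lowercase " on" in a name is rewritten as " On"; capturing the letter (`/ (o)n/i` with `' \1<b></b>n'`) would preserve the original case.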