forked from OpenNeo/impress

fix petpage export item name filtering

The "Abominable Snowball Winter Onesie" can get blocked for including the string " On".
So, we meant to filter that to " O<b></b>n" so that the filter wouldn't return that false
positive on an XSS attempt, but were accidentally filtering it to " o&lt;b&gt;&lt;/b&;gtn".
Fixed :)
Emi Matchu 2012-04-08 14:53:26 -05:00
parent c46d7ae2c0
commit 5218b43df4


@ -77,7 +77,7 @@ module ClosetHangersHelper
end end
def petpage_item_name(item) def petpage_item_name(item)
item.name.gsub(/ on/i, ' o<b></b>n') item.name.gsub(/ On/i, ' O<b></b>n').html_safe
end end
PETPAGE_IMAGE_URL_BLACKLIST = %w(window. ondrop) PETPAGE_IMAGE_URL_BLACKLIST = %w(window. ondrop)
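
Review bot: the `.html_safe` on the new `petpage_item_name` line marks the entire result as safe, not just the inserted `<b></b>`, so any `<`, `>` or `&` already present in `item.name` would reach the petpage export unescaped. Unless item names are guaranteed to be free of markup, escape the name before the substitution, for example `h(item.name).gsub(/ on/i, ' o<b></b>n').html_safe`, so that only the literal tag pair added here is trusted. Separately, the pattern is case-insensitive but the replacement hard-codes a capital "O", so a lowercase " on" inside a name would be rewritten as " On"; capturing the matched letters, as in `gsub(/ (o)(n)/i, ' \1<b></b>\2')`, keeps the original casing. A short comment on the method explaining that the empty tag pair exists to get past the petpage " on" filter would also help the next reader.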