Prevent xss attack over group name. Added regex validation for group and team name

2013-02-18 09:28:18 +02:00 · 2013-02-18 09:28:18 +02:00 · 020078663e
commit 020078663e
parent cfdf94fc27
5 changed files with 22 additions and 6 deletions
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@ -56,7 +56,7 @@ module ProjectsHelper
  def project_title project
    if project.group
      content_tag :span do
-        link_to(project.group.name, group_path(project.group)) + " / " + project.name
+        link_to(simple_sanitize(project.group.name), group_path(project.group)) + " / " + project.name
      end
    else
      project.name