Use Instiki's escapeHTML Method in Templates

Fixes bug reported by Toby Bartels.
Jacques Distler 2010-03-29 09:27:14 -05:00
parent 5f66f8387e
commit 18b5ea9aa6
3 changed files with 86 additions and 2 deletions


@ -71,7 +71,7 @@ function cleanAuthorName() {
document.forms["editForm"].elements["content"].focus(); document.forms["editForm"].elements["content"].focus();
<%- if [:markdownMML, :markdownPNG, :markdown].include?(@web.markup) and !@page.categories.include?('S5-slideshow') -%> <%- if [:markdownMML, :markdownPNG, :markdown].include?(@web.markup) and !@page.categories.include?('S5-slideshow') -%>
setupSVGedit('<%= compute_public_path("editor/svg-editor.html", "svg-edit").split(/\?/)[0] %>'); setupSVGedit('<%= compute_public_path("editor/svg-editor.html", "svg-edit").split(/\?/)[0] %>');
addS5button('<%= CGI.escapeHTML(@page.name) %>'); addS5button('<%= @page.name.escapeHTML %>');
<%- end -%> <%- end -%>
//--><!]]> //--><!]]>
</script> </script>
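Review bot: On the `addS5button('<%= @page.name.escapeHTML %>');` line the page name is still placed inside a single-quoted JavaScript string, and HTML-entity escaping is not the encoding that context needs; whether `escapeHTML` covers `'`, `\` or line breaks is not visible here, so a name containing them may still terminate or corrupt the literal. I would escape for the JavaScript string first, e.g. `addS5button('<%= escape_javascript(@page.name) %>');`, and keep entity escaping only if the script body is parsed as XML text rather than inside the CDATA section that the closing `//--><!]]>` suggests. The same applies to `@page_name` in the second file's hunk. The `<script>` block starts outside the hunk and `addS5button` is defined elsewhere, so how the value is used afterwards (for example whether it is written into markup) could not be checked.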


@ -33,6 +33,6 @@ function cleanAuthorName() {
document.forms["editForm"].elements["content"].focus(); document.forms["editForm"].elements["content"].focus();
<%- if [:markdownMML, :markdownPNG, :markdown].include?(@web.markup) -%> <%- if [:markdownMML, :markdownPNG, :markdown].include?(@web.markup) -%>
setupSVGedit('<%= compute_public_path("editor/svg-editor.html", "svg-edit").split(/\?/)[0] %>'); setupSVGedit('<%= compute_public_path("editor/svg-editor.html", "svg-edit").split(/\?/)[0] %>');
addS5button('<%= CGI.escapeHTML(@page_name) %>'); addS5button('<%= @page_name.escapeHTML %>');
<%- end -%> <%- end -%>
</script> </script>

File diff suppressed because one or more lines are too long