Use Instiki's escapeHTML Method in Templates
Fixes bug reported by Toby Bartels.
parent
5f66f8387e
commit
18b5ea9aa6
|
@ -71,7 +71,7 @@ function cleanAuthorName() {
|
||||||
document.forms["editForm"].elements["content"].focus();
|
document.forms["editForm"].elements["content"].focus();
|
||||||
<%- if [:markdownMML, :markdownPNG, :markdown].include?(@web.markup) and !@page.categories.include?('S5-slideshow') -%>
|
<%- if [:markdownMML, :markdownPNG, :markdown].include?(@web.markup) and !@page.categories.include?('S5-slideshow') -%>
|
||||||
setupSVGedit('<%= compute_public_path("editor/svg-editor.html", "svg-edit").split(/\?/)[0] %>');
|
setupSVGedit('<%= compute_public_path("editor/svg-editor.html", "svg-edit").split(/\?/)[0] %>');
|
||||||
addS5button('<%= CGI.escapeHTML(@page.name) %>');
|
addS5button('<%= @page.name.escapeHTML %>');
|
||||||
<%- end -%>
|
<%- end -%>
|
||||||
//--><!]]>
|
//--><!]]>
|
||||||
</script>
|
</script>
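Review bot: `@page.name.escapeHTML` is still HTML escaping applied to a value that lands inside a single-quoted JavaScript string in a `<script>` block, so the new line `addS5button('<%= @page.name.escapeHTML %>');` keeps the context mismatch the old `CGI.escapeHTML` call had. HTML escaping leaves a backslash or line break untouched, and whether it covers `'` depends on the escapeHTML implementation, which is not visible here; a page name containing those characters can end the literal early or break the script. Escaping for the JavaScript context, for example `addS5button('<%= escape_javascript(@page.name) %>');` or emitting the name with `to_json` and dropping the quotes, would fit better, provided the result stays valid inside the surrounding CDATA section. The same applies to `addS5button('<%= @page_name.escapeHTML %>');` in the second hunk. The file names are not shown on this page and the script block starts outside the hunk.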
|
||||||
|
|
|
@ -33,6 +33,6 @@ function cleanAuthorName() {
|
||||||
document.forms["editForm"].elements["content"].focus();
|
document.forms["editForm"].elements["content"].focus();
|
||||||
<%- if [:markdownMML, :markdownPNG, :markdown].include?(@web.markup) -%>
|
<%- if [:markdownMML, :markdownPNG, :markdown].include?(@web.markup) -%>
|
||||||
setupSVGedit('<%= compute_public_path("editor/svg-editor.html", "svg-edit").split(/\?/)[0] %>');
|
setupSVGedit('<%= compute_public_path("editor/svg-editor.html", "svg-edit").split(/\?/)[0] %>');
|
||||||
addS5button('<%= CGI.escapeHTML(@page_name) %>');
|
addS5button('<%= @page_name.escapeHTML %>');
|
||||||
<%- end -%>
|
<%- end -%>
|
||||||
</script>
|
</script>
|
||||||
|
|
84
public/svg-edit/editor/jquery-ui/jquery-ui-1.8.custom.min.js
vendored
Executable file
84
public/svg-edit/editor/jquery-ui/jquery-ui-1.8.custom.min.js
vendored
Executable file
File diff suppressed because one or more lines are too long