jro_apps/redmine Commit - r5627:1d78dd832458

HTML escape some user values in account sidebar (#8345)....

Toshi MARUYAMA -

r5627:1d78dd832458

parent child

Context file:

r5627:1d78dd832458

app/views/my/_sidebar.rhtml +2 -2

              <h3><%=l(:label_my_account)%></h3>
-             <p><%=l(:field_login)%>: <strong><%= link_to @user.login, user_path(@user) %></strong><br />
+             <p><%=l(:field_login)%>: <strong><%= link_to(h(@user.login), user_path(@user) %></strong><br />
              <%=l(:field_created_on)%>: <%= format_time(@user.created_on) %></p>
              <h4><%= l(:label_api_access_key) %></h4>
              <div>
                <%= link_to_function(l(:button_show), "$('api-access-key').toggle();")%>
-               <pre id='api-access-key' class='autoscroll'><%= @user.api_key %></pre>
+               <pre id='api-access-key' class='autoscroll'><%= h(@user.api_key) %></pre>
              </div>
              <%= javascript_tag("$('api-access-key').hide();") %>
              <p>

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages