Do not parse HTML

Might allow an attacker (in this case someone creating a course in TISS)
to do some nasty HTML injection. But eeeh, who cares? ¯\_(ツ)_/¯
Tobias Eidelpes 2020-05-27 20:07:04 +02:00
parent b12d161b0e
commit c9f93d6fd8

@ -4,11 +4,11 @@
<%= button_to 'Add to favorites', action: :add_to_fav, id: @id, title: @project['titleDe'] %> <%= button_to 'Add to favorites', action: :add_to_fav, id: @id, title: @project['titleDe'] %>
<% if @project['abstractDe'] != nil %> <% if @project['abstractDe'] != nil %>
<h4>Beschreibung</h4> <h4>Beschreibung</h4>
<p><%= @project['abstractDe'] %></p> <p><%= raw @project['abstractDe'] %></p>
<% else %> <% else %>
<% if @project['abstractEn'] != nil %> <% if @project['abstractEn'] != nil %>
<h4>Beschreibung</h4> <h4>Beschreibung</h4>
<p><%= @project['abstractEn'] %></p> <p><%= raw @project['abstractEn'] %></p>
<% end %> <% end %>
<% end %> <% end %>
<% end %> <% end %>
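Review bot: On the two changed `<p>` lines, `raw @project['abstractDe']` and `raw @project['abstractEn']` turn off ERB's default escaping for text that, per the commit message, anyone creating a course in TISS controls. Any markup in an abstract, including script tags and event-handler attributes, is then rendered as-is in the browser of every user who opens the project page. If the aim is to keep the abstract's basic formatting, replace `raw` with Rails' `sanitize` helper and an explicit allowlist, for example `<%= sanitize @project['abstractDe'], tags: %w[p br b i ul ol li], attributes: [] %>`, and do the same for `abstractEn`. The tag list here is a suggestion; trim it to what TISS abstracts actually use.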