Merge branch 'escape-before-autolink' into 'master'

Escape before autolink Because auto_link set description to html_safe but dont escape html!!! :( See merge request !963

Merge branch 'escape-before-autolink' into 'master'
Escape before autolink Because auto_link set description to html_safe but dont escape html!!! :( See merge request !963
fa4c7f76 · Dmitriy Zaporozhets · a019b49a · 1218a5e6 · fa4c7f76
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

app/views/projects/_home_panel.html.haml app/views/projects/_home_panel.html.haml +1 -1

未找到文件。
--- a/app/views/projects/_home_panel.html.haml
+++ b/app/views/projects/_home_panel.html.haml
@@ -17,7 +17,7 @@
    .col-md-7
      .project-home-desc
        - if @project.description.present?
-          = auto_link @project.description, link: :urls
+          = auto_link ERB::Util.html_escape(@project.description), link: :urls
        - if can?(current_user, :admin_project, @project)
          &ndash;
          %strong= link_to 'Edit', edit_project_path