Commit 0e7349ca authored by Albert Yi's avatar Albert Yi

fix xss vuln

parent 4b790e16
......@@ -236,7 +236,7 @@
if (desc.length > 30) {
desc = desc.substring(0, 30) + "...";
}
var $del = $("<del/>").html(desc);
var $del = $("<del/>").text(desc);
$ul.append($("<li/>").html($del));
} else if (text.match(/^ http/)) {
text = text.substring(1, 1000);
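Review bot: The line after the fix, `$ul.append($("<li/>").html($del));`, still goes through jQuery's HTML-setting API. It is safe only because `$del` is a jQuery object rather than a string. Writing it as `$ul.append($("<li/>").append($del));` makes that explicit and keeps the line from becoming a markup sink if `$del` is later replaced by a string. The `else if (text.match(/^ http/))` branch continues outside the hunk, so it cannot be seen from here whether `text` reaches another `.html()` call or an unvalidated `href`; that is worth checking in the same pass. A comment above the changed line, such as `// desc may contain user-supplied markup; .text() keeps it from being parsed as HTML`, would record why `.text()` must not be reverted.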
......
......@@ -16,7 +16,7 @@
</div>
<%= f.input :other_names_comma, :hint => "Separate with commas", :as => :text, :label => "Other names" %>
<%= f.input :group_name %>
<%= f.input :url_string, :label => "URLs", :as => :text, :input_html => {:size => "50x5", :value => params.dig(:artist, :url_string) || @artist.url_array.join("\n")} %>
<%= f.input :url_string, :label => "URLs", :as => :text, :input_html => {:size => "50x5", :value => params.dig(:artist, :url_string) || @artist.urls.join("\n")} %>
<%= dtext_field "artist", "notes" %>
<%= f.button :submit, "Submit" %>
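Review bot: The switch from `@artist.url_array.join("\n")` to `@artist.urls.join("\n")` is not mentioned in the commit message, and its effect depends on what `urls` returns, which is not visible here. If `urls` yields model records rather than strings, `join` falls back to each record's `to_s`, and the textarea would show inspect-style output unless the model defines `to_s` to return the URL. Mapping to the URL attribute explicitly before joining would remove that dependency. The `params.dig(:artist, :url_string)` fallback echoes request input into the field, so it relies on the form helper's attribute escaping; keep it inside `f.input` and do not move it into a raw or `html_safe` string.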
......