fix potential XSS

2016-05-19 20:15:07 +02:00
parent bd061d3441
commit f633b49eca
1 changed files with 6 additions and 2 deletions
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -15,8 +15,12 @@
 <body>
  <%= render partial: "/layouts/head" %>
  <div id="main-content" class="<%= yield(:main_class) %>">
-    <%= "<div class='flash alert'>#{alert}</div>".html_safe if alert %>
-    <%= "<div class='flash notice'>#{notice}</div>".html_safe if notice %>
+    <% if alert %>
+      <div class='flash alert'><%= alert %></div>
+    <% end %>
+    <% if notice %>
+      <div class='flash notice'><%= notice %></div>
+    <% end %>
    <%= yield %>
  </div>
  <%= render partial: "/layouts/footer" %>