diff options
| author | jomo <github@jomo.tv> | 2016-05-19 20:15:07 +0200 |
|---|---|---|
| committer | jomo <github@jomo.tv> | 2016-05-19 20:15:07 +0200 |
| commit | f633b49eca7e7cc54897370fbb61b5379307cd6c (patch) | |
| tree | d6f26211ea2c0d3a298ffa7d45750ddfcd8c8bda | |
| parent | bd061d344169c200a799b25b3c7cb6d50787a31e (diff) | |
fix potential XSS
| -rw-r--r-- | app/views/layouts/application.html.erb | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 34dd727..a0a5f83 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -15,8 +15,12 @@ <body> <%= render partial: "/layouts/head" %> <div id="main-content" class="<%= yield(:main_class) %>"> - <%= "<div class='flash alert'>#{alert}</div>".html_safe if alert %> - <%= "<div class='flash notice'>#{notice}</div>".html_safe if notice %> + <% if alert %> + <div class='flash alert'><%= alert %></div> + <% end %> + <% if notice %> + <div class='flash notice'><%= notice %></div> + <% end %> <%= yield %> </div> <%= render partial: "/layouts/footer" %> |