From f633b49eca7e7cc54897370fbb61b5379307cd6c Mon Sep 17 00:00:00 2001
From: jomo <github@jomo.tv>
Date: Thu, 19 May 2016 20:15:07 +0200
Subject: fix potential XSS

---
 app/views/layouts/application.html.erb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 34dd727..a0a5f83 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -15,8 +15,12 @@
 <body>
   <%= render partial: "/layouts/head" %>
   <div id="main-content" class="<%= yield(:main_class) %>">
-    <%= "<div class='flash alert'>#{alert}</div>".html_safe if alert %>
-    <%= "<div class='flash notice'>#{notice}</div>".html_safe if notice %>
+    <% if alert %>
+      <div class='flash alert'><%= alert %></div>
+    <% end %>
+    <% if notice %>
+      <div class='flash notice'><%= notice %></div>
+    <% end %>
     <%= yield %>
   </div>
   <%= render partial: "/layouts/footer" %>
-- 
cgit v1.2.3