diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2006-12-17 08:10:18 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2006-12-17 08:10:18 +0000 |
| commit | 2b86ef8e28d0e5376197391c29a8fb302f14820f (patch) | |
| tree | e5a80fb24158b350507c28021418a19aa7084991 /app/views/welcome | |
| parent | 3e28dc669b014db811c0de673a090adf54f42bc1 (diff) | |
| download | redmine-2b86ef8e28d0e5376197391c29a8fb302f14820f.tar.gz redmine-2b86ef8e28d0e5376197391c29a8fb302f14820f.zip | |
various modifications to prevent xss
- validation of names and labels against /^[\w\s\'\-]*$/i
- html entities encoding
git-svn-id: http://redmine.rubyforge.org/svn/trunk@99 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/views/welcome')
| -rw-r--r-- | app/views/welcome/index.rhtml | 11 |
1 files changed, 2 insertions, 9 deletions
diff --git a/app/views/welcome/index.rhtml b/app/views/welcome/index.rhtml index abee85691..24c969e6f 100644 --- a/app/views/welcome/index.rhtml +++ b/app/views/welcome/index.rhtml @@ -4,14 +4,7 @@ <% if $RDM_WELCOME_TEXT %><p><%= $RDM_WELCOME_TEXT %></p><br /><% end %>
<div class="box">
<h3><%=l(:label_news_latest)%></h3> - <% for news in @news %>
- <p>
- <b><%= news.title %></b> (<%= link_to_user news.author %> <%= format_time(news.created_on) %> - <%= news.project.name %>)<br />
- <% unless news.summary.empty? %><%= news.summary %><br /><% end %>
- [<%= link_to l(:label_read), :controller => 'news', :action => 'show', :id => news %>]
- </p>
- <hr />
- <% end %>
+ <%= render :partial => 'news/news', :collection => @news %>
</div>
</div>
@@ -22,7 +15,7 @@ <% for project in @projects %>
<li>
<%= link_to project.name, :controller => 'projects', :action => 'show', :id => project %> (<%= format_time(project.created_on) %>)<br />
- <%= project.description %>
+ <%=h project.description %>
</li>
<% end %>
</ul>
|