Commit 315ec5f6 authored by Eric Davis's avatar Eric Davis

HTML escape some user values

parent e9c542d7
<h3><%=l(:label_my_account)%></h3> <h3><%=l(:label_my_account)%></h3>
<p><%=l(:field_login)%>: <strong><%= link_to @user.login, user_path(@user) %></strong><br /> <p><%=l(:field_login)%>: <strong><%= link_to(h(@user.login), user_path(@user) %></strong><br />
<%=l(:field_created_on)%>: <%= format_time(@user.created_on) %></p> <%=l(:field_created_on)%>: <%= format_time(@user.created_on) %></p>
...@@ -19,7 +19,7 @@ ...@@ -19,7 +19,7 @@
<h4><%= l(:label_api_access_key) %></h4> <h4><%= l(:label_api_access_key) %></h4>
<div> <div>
<%= link_to_function(l(:button_show), "$('api-access-key').toggle();")%> <%= link_to_function(l(:button_show), "$('api-access-key').toggle();")%>
<pre id='api-access-key' class='autoscroll'><%= @user.api_key %></pre> <pre id='api-access-key' class='autoscroll'><%= h(@user.api_key) %></pre>
</div> </div>
<%= javascript_tag("$('api-access-key').hide();") %> <%= javascript_tag("$('api-access-key').hide();") %>
<p> <p>
......
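Review bot: On the login line of the first hunk the new `link_to` call is left unclosed: `link_to(h(@user.login), user_path(@user) %>` opens `link_to(` and `h(` but closes only `h(`, so as rendered here the template would fail to compile; it should read `<%= link_to(h(@user.login), user_path(@user)) %>`. If the missing parenthesis is in the commit itself rather than an artifact of this page, the account view breaks for every user. A view test that renders this page with a login containing markup characters would cover both the syntax and the escaping this change is meant to add. The file header is not visible on this page, so the template path cannot be confirmed from here.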