Wrap evaluation of default values for parameters inside the HTML escaping

[rails.git] / app / views / user / account.rhtml

diff --git a/app/views/user/account.rhtml b/app/views/user/account.rhtml
index f405e0b3cf5d0a09bb9ecb2e659980b3f58b6d40..0f938df26770a0fe93030476b417d2a29dfedd7f 100644 (file)
--- a/app/views/user/account.rhtml
+++ b/app/views/user/account.rhtml
@@ -34,9 +34,9 @@
 </script>
 
 <% if @user.home_lat.nil? or @user.home_lon.nil? %>
-  <% lon =  params['lon'] || '-0.1' %>
-  <% lat =  params['lat'] || '51.5' %>
-  <% zoom =  params['zoom'] || '4' %> 
+  <% lon = h(params['lon'] || '-0.1') %>
+  <% lat = h(params['lat'] || '51.5') %>
+  <% zoom = h(params['zoom'] || '4') %> 
 <% else %>
   <% marker = true %>
   <% mlon = @user.home_lon %> 
@@ -103,11 +103,11 @@
 // -->
 </script>
 
-<h2>Privacy</h2>
+<h2>Public editing</h2>
 <% if @user.data_public? %>
   All your edits are public.
 <% else %>
-  Currently your edits are anonymous and people can't find out where you are located. To show what you edited and allow people to contact you through the website, click the button below. This action cannot be reversed.
+  Currently your edits are anonymous and people can't send you messages or see your location. To show what you edited and allow people to contact you through the website, click the button below. <b>You will need to do this if you want to use the online editor</b> (<a href="http://wiki.openstreetmap.org/index.php/Disabling_anonymous_edits">find out why</a>). This action cannot be reversed.
   <br /><br />
   <%= button_to "Make all my edits public, forever", :action => :go_public %>
 <% end %>