]> git.openstreetmap.org Git - rails.git/blobdiff - app/views/user_blocks/blocks_by.html.erb
projects / rails.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
* use h() on username to avoid XSS
[rails.git] / app / views / user_blocks / blocks_by.html.erb
diff --git a/app/views/user_blocks/blocks_by.html.erb b/app/views/user_blocks/blocks_by.html.erb
index d49a74c0a934146f5837e0dec134f242e18c5390..0140534c4ec63453a0280c61ba3338a8939567d5 100644 (file)
--- a/app/views/user_blocks/blocks_by.html.erb
+++ b/app/views/user_blocks/blocks_by.html.erb
@@ -1,3 +1,4 @@
-<h1><%= t('user_block.blocks_by.heading', :name => @this_user.display_name) %></h1>
+<% @title = t('user_block.blocks_by.title', :name => h(@this_user.display_name)) %>
+<h1><%= t('user_block.blocks_by.heading', :name => link_to(h(@this_user.display_name), {:controller => 'user', :action => 'view', :display_name => @this_user.display_name})) %></h1>
 
 <%= render :partial => 'blocks', :locals => { :show_revoke_link => (@user and @user.moderator?), :show_user_name => true, :show_creator_name => false } %>
The OpenStreetMap web site