]> git.openstreetmap.org Git - rails.git/blobdiff - app/views/user/account.rhtml
projects / rails.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
HTML escape substituted parameter values to avoid injection attacks.
[rails.git] / app / views / user / account.rhtml
diff --git a/app/views/user/account.rhtml b/app/views/user/account.rhtml
index b25cb0071bf237ea8899d49ebac0d07b1f208cc9..1a18c90b21575eb46d54c56dee5a978a338fef9d 100644 (file)
--- a/app/views/user/account.rhtml
+++ b/app/views/user/account.rhtml
@@ -34,9 +34,9 @@
 </script>
 
 <% if @user.home_lat.nil? or @user.home_lon.nil? %>
-  <% lon =  params['lon'] || '-0.1' %>
-  <% lat =  params['lat'] || '51.5' %>
-  <% zoom =  params['zoom'] || '4' %> 
+  <% lon = h(params['lon']) || '-0.1' %>
+  <% lat = h(params['lat']) || '51.5' %>
+  <% zoom = h(params['zoom']) || '4' %> 
 <% else %>
   <% marker = true %>
   <% mlon = @user.home_lon %> 
The OpenStreetMap web site