X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/7b172efeb62dca337e356dab0d14c69ec51216b7..2cbcabb3f6992904903a72dfbcef624bd391a314:/app/views/diary_entry/new.rhtml

diff --git a/app/views/diary_entry/new.rhtml b/app/views/diary_entry/new.rhtml
index 69995d00e..d93e3e023 100644
--- a/app/views/diary_entry/new.rhtml
+++ b/app/views/diary_entry/new.rhtml
@@ -23,13 +23,13 @@
 <% end %>
 
 <% if @user.home_lat.nil? or @user.home_lon.nil? %>
-  <% lon =  params['lon'] || '-0.1' %>
-  <% lat =  params['lat'] || '51.5' %>
-  <% zoom =  params['zoom'] || '4' %> 
+  <% lon = h(params['lon']) || '-0.1' %>
+  <% lat = h(params['lat']) || '51.5' %>
+  <% zoom = h(params['zoom']) || '4' %> 
 <% else %>
-  <% lon =  @user.home_lon %>
-  <% lat =  @user.home_lat %>
-  <% zoom =  '12' %>
+  <% lon = @user.home_lon %>
+  <% lat = @user.home_lat %>
+  <% zoom = '12' %>
 <% end %>
 
 <script type="text/javascript" src="/openlayers/OpenLayers.js"></script>
@@ -68,4 +68,4 @@
 
   window.onload = init;
 // -->
-</script>
\ No newline at end of file
+</script>