X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/a8333a38a2c9abf3304d61b20c5215d75fdd5795..15c492ebfe7aa6527f7b24fe23056ee9947286d1:/app/views/site/edit.rhtml

diff --git a/app/views/site/edit.rhtml b/app/views/site/edit.rhtml
index de2764115..5b1b81108 100644
--- a/app/views/site/edit.rhtml
+++ b/app/views/site/edit.rhtml
@@ -24,17 +24,17 @@
 <% session[:token] = @user.tokens.create.token unless session[:token] %>
 
 <% if params['mlon'] and params['mlat'] %>
-<% lon =  params['mlon'] %>
-<% lat =  params['mlat']  %>
-<% zoom =  params['zoom'] || '12' %>
+<% lon =  h(params['mlon']) %>
+<% lat =  h(params['mlat'])  %>
+<% zoom =  h(params['zoom'] || '12') %>
 <% elsif @user and params['lon'].nil? and params['lat'].nil? %> 
 <% lon =  @user.home_lon %>
 <% lat =  @user.home_lat %>
 <% zoom = '12' %>
 <%else%>
-<% lon =  params['lon'] || '-0.1' %>
-<% lat =  params['lat'] || '51.5' %>
-<% zoom =  params['zoom'] || '12' %>
+<% lon =  h(params['lon'] || '-0.1') %>
+<% lat =  h(params['lat'] || '51.5') %>
+<% zoom =  h(params['zoom'] || '12') %>
 <% end %>
 
 <div id="map">You need a Flash player to use Potlatch, the
@@ -43,7 +43,7 @@
     <a href="http://wiki.openstreetmap.org/index.php/Editing">Several other options</a> are also available
     for editing OpenStreetMap.
 </div>
-<script type="text/javascript" src="/javascripts/swfobject.js"></script>
+<%= javascript_include_tag 'swfobject.js' %>
 <script type="text/javascript">
   var brokenContentSize = $("content").offsetWidth == 0;
   var fo = new SWFObject("/potlatch/potlatch.swf?d="+Math.round(Math.random()*1000), "potlatch", "700", "600", "6", "#FFFFFF");
@@ -54,7 +54,9 @@
     fo.addVariable('long',lon);
     fo.addVariable('scale',sc);
     fo.addVariable('token','<%= session[:token] %>');
-<% if params['gpx'] %>    fo.addVariable('gpx','<%= params['gpx']+"/data" %>'); <% end %>
+    <% if params['gpx'] %>
+    fo.addVariable('gpx','<%= h(params['gpx']) + "/data" %>');
+    <% end %>
     fo.write("map");
   }