Escape message titles and bodies. This is an emergency fix as some genius
author Tom Hughes <tom@compton.nu>
Tue, 15 Jan 2008 00:26:01 +0000 (00:26 +0000)
committer Tom Hughes <tom@compton.nu>
Tue, 15 Jan 2008 00:26:01 +0000 (00:26 +0000)
commit 1e54573bae7eed568e99ebc0b0d448170f08c880
tree a787933d709e359895165651ee1feb5ad463cf41
parent bc309badb8c3afea20c17ff9ef44861d4f7bcf13
Escape message titles and bodies. This is an emergency fix as some genius
has decided to report this XSS problem to a public mailing list. Unfortunately
it means that some functionality (links in messages etc) has been lost for now.
app/views/diary_entry/_diary_entry.rhtml
app/views/message/read.rhtml
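
Added example, not code from this commit or from the project: a constructed pair of ERB templates showing what passing message titles and bodies through h() changes in the rendered output, including the loss of links that the commit message mentions. The template contents, the MessageView class and the sample strings are all assumptions made for illustration.

```ruby
require "erb"

# Hypothetical view (constructed; not the project's read.rhtml):
# user-controlled fields are interpolated as raw HTML.
UNESCAPED_VIEW = ERB.new(<<~RHTML)
  <h2><%= title %></h2>
  <div class="body"><%= body %></div>
RHTML

# The same hypothetical view with each user-controlled field escaped.
ESCAPED_VIEW = ERB.new(<<~RHTML)
  <h2><%= h(title) %></h2>
  <div class="body"><%= h(body) %></div>
RHTML

# Minimal stand-in for a view context (hypothetical helper class).
class MessageView
  include ERB::Util # provides h() / html_escape()

  attr_reader :title, :body

  def initialize(title, body)
    @title = title
    @body = body
  end

  # Evaluate the template with this object's methods in scope.
  def render(template)
    template.result(binding)
  end
end

# Constructed sample message: markup in the title, a link in the body.
SAMPLE_TITLE = %q{Hello <script>alert(1)</script>}
SAMPLE_BODY  = %q{See <a href="http://example.org/">this page</a>}

def render_both(title, body)
  view = MessageView.new(title, body)
  { raw: view.render(UNESCAPED_VIEW), escaped: view.render(ESCAPED_VIEW) }
end

if __FILE__ == $0
  out = render_both(SAMPLE_TITLE, SAMPLE_BODY)
  puts "--- unescaped ---", out[:raw]
  puts "--- escaped ---", out[:escaped]
end
```

In the escaped output both the script element and the anchor arrive as inert text, which is why blanket escaping closes the hole but also disables links until an allow-list sanitizer is put in front of the body.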