Add a few more escape calls to prevent nasty HTML being rendered. Also
author Tom Hughes <tom@compton.nu>
Tue, 15 Jan 2008 18:22:08 +0000 (18:22 +0000)
committer Tom Hughes <tom@compton.nu>
Tue, 15 Jan 2008 18:22:08 +0000 (18:22 +0000)
commit 9f909d7447b0d9327d9033a8c9ab0bc6e597bf80
tree eeb9f0eb04b1c1eb2933a4939e3a91243cdf0d83
parent 77b5ad459af8c5aec91070e22c1e74bcb6dce914
Add a few more escape calls to prevent nasty HTML being rendered. Also
switch to using sanitize() instead of h() to escape message bodies. This
is not quite as safe as there is no guarantee that the HTML scanner it
uses will find everything, but it does allow benign HTML tags to be
displayed again.
app/views/diary_entry/_diary_entry.rhtml
app/views/message/_message_summary.rhtml
app/views/message/_sent_message_summary.rhtml
app/views/message/read.rhtml
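
The trade-off the commit message describes, as an added example that is not code from this commit or from Rails: `escape_all` uses `ERB::Util.html_escape`, which is what `h()` calls, while `allow_benign` is a hypothetical stand-in for an allowlist sanitizer (it is not Rails' `sanitize()`) that escapes first and then restores a few attribute-free tags, so anything it fails to recognise stays escaped. The tag list and the sample message bodies are constructed for illustration.

```ruby
require 'erb'

# Constructed allowlist for this example: attribute-free tags only.
ALLOWED_TAGS = %w[b i em strong p br].freeze

# What h() does in a view: every HTML metacharacter becomes an entity,
# so no markup of any kind reaches the browser, benign or not.
def escape_all(body)
  ERB::Util.html_escape(body)
end

# Hypothetical allowlist sanitizer (NOT Rails' sanitize()).
# Step 1: escape the whole body, so no raw "<" survives.
# Step 2: restore only exact "<tag>" / "</tag>" forms from ALLOWED_TAGS.
# A tag carrying attributes, or any tag not listed, never matches the
# pattern and is left as inert text: a miss fails closed.
def allow_benign(body)
  pattern = %r{&lt;(/?)(#{ALLOWED_TAGS.join('|')})&gt;}i
  escape_all(body).gsub(pattern) { "<#{$1}#{$2.downcase}>" }
end

# Constructed message bodies, not taken from the project.
SAMPLES = [
  'See you at the <b>mapping party</b>',
  '<script>alert(1)</script>',
  '<b onmouseover=x>hover</b>',
  '<EM>loud</EM> and <u>underlined</u>'
].freeze

# Returns [input, h-style output, allowlist output] for each sample.
def compare(samples = SAMPLES)
  samples.map { |s| [s, escape_all(s), allow_benign(s)] }
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |input, escaped, allowed|
    puts "input:     #{input}"
    puts "h():       #{escaped}"
    puts "allowlist: #{allowed}"
    puts
  end
end
```
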