-<b><%= diary_entry.title %></b><br />
-<%= simple_format(diary_entry.body) %>
+<b><%= h(diary_entry.title) %></b><br />
+<%= simple_format(h(diary_entry.body)) %>
<% if diary_entry.latitude and diary_entry.longitude %>
Coordinates: <div class="geo" style="display: inline"><span class="latitude"><%= diary_entry.latitude %></span>; <span class="longitude"><%= diary_entry.longitude %></span></div> (<%=link_to 'map', :controller => 'site', :action => 'index', :lat => diary_entry.latitude, :lon => diary_entry.longitude, :zoom => 14 %> / <%=link_to 'edit', :controller => 'site', :action => 'edit', :lat => diary_entry.latitude, :lon => diary_entry.longitude, :zoom => 14 %>)<br/>
<% end %>
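Review bot: The coordinates on the context line below the new code are still written out unescaped (`<%= diary_entry.latitude %>` and `<%= diary_entry.longitude %>`) while the title and body now go through `h()`; if those columns are numeric this is harmless today, but `<span class="latitude"><%= h(diary_entry.latitude) %></span>` keeps the partial uniformly escaped and stays safe if the attribute type ever changes. The order `simple_format(h(diary_entry.body))` is the correct one — escape first, then let simple_format add its own `<p>`/`<br />` markup — so it should not be turned into `h(simple_format(...))`, which would print the paragraph tags as text. The hunk's `@@` header is not in view, so whether this is the top of the partial cannot be confirmed from here.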
</tr>
<tr>
<th align="right">Subject</th>
- <td><%= @message.title %></td>
+ <td><%= h(@message.title) %></td>
</tr>
<tr>
<th align="right">Date</th>
</tr>
<tr>
<th></th>
- <td><%= @message.body %></td>
+ <td><%= h(@message.body) %></td>
</tr>
</table>
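Review bot: `h(@message.body)` now escapes the body, so any markup a sender relied on for formatting is shown literally and the text is emitted as one inline run in which typed line breaks collapse; the diary-entry view in this same change uses `simple_format(h(diary_entry.body))`, and `<td><%= simple_format(h(@message.body)) %></td>` would give plain-text messages the same paragraph handling here. The identical hunk further down (the second `<th></th>` block followed by `</table>`) has the same point. The two message tables appear to be copies of each other, which is why both the Subject and body fixes had to be applied twice; extracting the shared rows into one partial would let future escaping changes land in a single place.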
</tr>
<tr>
<th align="right">Subject</th>
- <td><%= @message.title %></td>
+ <td><%= h(@message.title) %></td>
</tr>
<tr>
<th align="right">Date</th>
</tr>
<tr>
<th></th>
- <td><%= @message.body %></td>
+ <td><%= h(@message.body) %></td>
</tr>
</table>