Sanitize user descriptions properly.
authorTom Hughes <tom@compton.nu>
Mon, 7 Jul 2008 08:06:56 +0000 (08:06 +0000)
committerTom Hughes <tom@compton.nu>
Mon, 7 Jul 2008 08:06:56 +0000 (08:06 +0000)
app/views/user/view.rhtml

index f27ce6f0ae949b10c37cc7f3f0dcf3d7319166d9..c5fc6388db6ddeb758d481632b0fc834d6b9c6b6 100644 (file)
@@ -33,7 +33,7 @@
 <% end %>
 
 <h3>Description</h3>
-<div id="description"><%= simple_format(@this_user.description) %></div>
+<div id="description"><%= htmlize(@this_user.description) %></div>
 
 <% if @this_user.home_lat.nil? or @this_user.home_lon.nil? %>
 <h3>User location</h3>
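Review bot: The security effect of the new line `<%= htmlize(@this_user.description) %>` rests entirely on htmlize escaping or sanitizing its input before it adds markup, and that helper is not in the hunk, so the view itself gives no evidence that the description (user-controlled, persisted text) can no longer inject script or markup into other users' pages. It would be worth confirming in the helper that raw text is escaped before any formatting or link markup is added, and that the output is not re-escaped by the view. A short ERB comment would protect the fix from a later "cleanup" back to the unsanitized call: `<%# description is untrusted user input; htmlize is responsible for escaping it - do not replace with simple_format/raw %>`. Any other view that still renders a user description through simple_format or raw interpolation would presumably need the same change; the description does not say whether this is the only occurrence.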