xss, ckeditor js bug.

yanxd 2014-05-20 15:37:05 +08:00
parent dac992548a
commit 85c77ca074
1 changed files with 3 additions and 3 deletions


@ -110,8 +110,7 @@
<%= link_to image_tag(url_to_avatar(reply.author), :class => "avatar"), user_path(reply.author) %> <%= link_to image_tag(url_to_avatar(reply.author), :class => "avatar"), user_path(reply.author) %>
</td> </td>
<td class="comments"> <td class="comments">
<div class="reply_content" ><%=h reply.content.html_safe %></div> <div class="reply_content" ><%=h sanitize(reply.content.html_safe) %></div>
<!-- <div class="wiki">< %=h reply.content.html_safe %></div> -->
<p> <p>
<% if reply.attachments.any?%> <% if reply.attachments.any?%>
<% options = {:author => true, :deletable => reply.deleted_attach_able_by?(User.current) } %> <% options = {:author => true, :deletable => reply.deleted_attach_able_by?(User.current) } %>
@ -144,6 +143,7 @@
<script type="text/javascript"> <script type="text/javascript">
jQuery(document).ready(function($) { jQuery(document).ready(function($) {
transpotUrl('#main'); transpotUrl('.lz');
transpotUrl('.replies');
}); });
</script> </script>
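Review bot: In the first hunk, the new `<%=h sanitize(reply.content.html_safe) %>` still flags the stored reply as trusted before filtering it, and `h` does not escape a string that is already marked safe, so the only effective control on this line is `sanitize` with whatever allowlist is in effect. I would drop both wrappers and write `<%= sanitize(reply.content) %>`, passing an explicit `:tags`/`:attributes` allowlist if the CKEditor markup needs more than the defaults. Filtering happens only at render time in this one template, so other views that output `reply.content` (not visible in this diff) should be checked for the same `html_safe` pattern. A short comment above the line saying that reply content is user-supplied rich text and must go through `sanitize` would help keep the call from being removed later.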