xss, ckeditor js bug.

yanxd 2014-05-20 15:37:05 +08:00
parent dac992548a
commit 85c77ca074
1 changed files with 3 additions and 3 deletions


@ -110,8 +110,7 @@
<%= link_to image_tag(url_to_avatar(reply.author), :class => "avatar"), user_path(reply.author) %>
</td>
<td class="comments">
<div class="reply_content" ><%=h reply.content.html_safe %></div>
<!-- <div class="wiki">< %=h reply.content.html_safe %></div> -->
<div class="reply_content" ><%=h sanitize(reply.content.html_safe) %></div>
<p>
<% if reply.attachments.any?%>
<% options = {:author => true, :deletable => reply.deleted_attach_able_by?(User.current) } %>
@ -144,6 +143,7 @@
<script type="text/javascript">
jQuery(document).ready(function($) {
transpotUrl('#main');
transpotUrl('.lz');
transpotUrl('.replies');
});
</script>
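Review bot: In the first hunk the new `reply_content` line still calls `.html_safe` on `reply.content` before `sanitize` and wraps the result in `h`, so two of the three calls add no protection: `sanitize` already returns an html_safe string, which `h` passes through unescaped. The only defence is `sanitize`'s default allowlist, so I would write the line as `<%= sanitize(reply.content) %>` and, since the content comes from CKEditor, pass an explicit `:tags`/`:attributes` allowlist limited to what the editor is configured to emit. Marking user-supplied content `html_safe` is worth avoiding even where it happens to be harmless, because the pattern tends to get copied to places where no sanitizer follows. The hunk shows only this one view; other templates that render `reply.content` or other CKEditor fields presumably need the same treatment, which is worth checking before treating the XSS as closed.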