jacknudt
/
socialforge
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'xss-bug' into 'develop' 

FIX 合并功能分支

合并功能分支

See merge request !190
This commit is contained in:
陈晓婷 2019-10-23 16:30:27 +08:00
parent c41c8d7223 e030201d1d
commit dc9238717a
3 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/views/organizations/_org_course_homework.html.erb
View File

@ -352,7 +352,7 @@
</div>
<% end %>
<div class="homepagePostReplyContent break_word list_style upload_img table_maxWidth" id="reply_content_<%= comment.id %>">
<%= comment.notes.html_safe %></div>
<%= sanitize comment.notes %></div>
<div class="orig_reply mb10 mt-10">
<div class="reply">
<span class="reply-right">

4
app/views/users/_comment_reply_detail.html.erb
View File

@ -17,9 +17,9 @@
<p><%= string %></p>
<% end %>
<% end %>
<P><%= h comment.content_detail.html_safe %></P>
<P><%= h comment.content_detail %></P>
<% else %>
<%= h comment.content_detail.html_safe %>
<%= h comment.content_detail %>
<% end %>
</div>
<div class="orig_reply mt-10 pr" style="height: 18px;">

8
app/views/users/_news_replies.html.erb
View File

@ -18,13 +18,13 @@
<div class="homepagePostReplyContent break_word list_style upload_img table_maxWidth" id="reply_content_<%= comment.id %>">
<% if comment.class == Journal %>
<% if comment.details.any? %>
<% details_to_strings(comment.details).each do |string| %>
<p><%= string %></p>
<% details_to_strings(sanitize comment.details).each do |string| %>
<p><%= sanitize string %></p>
<% end %>
<% end %>
<P><%= comment.notes.html_safe %></P>
<P><%= h comment.notes %></P>
<% else %>
<%= comment.content_detail.html_safe %>
<%= h comment.content_detail %>
<% end %>
</div>
<div class="orig_reply mb10 mt-10">