Fix two XSS injectionsHEAD master

The EmailAddress problem was submitted upstream to hobo.
author: Petteri Räty <betelgeuse@gentoo.org> 2011-08-02 23:32:04 +0300
committer: Petteri Räty <betelgeuse@gentoo.org> 2011-08-02 23:32:24 +0300
commit: cf450f1e4f5f2317e64291487bfccd89a2b243bf (patch)
tree: 6f5c27d827a49d61e8158ba3dd48f438cc10ad66 /config
parent: Don't show wrong unanswered questions count (diff)
download: recruiting-webapp-master.tar.gz
recruiting-webapp-master.tar.bz2
recruiting-webapp-master.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/config/initializers/email_address.rb b/config/initializers/email_address.rb
new file mode 100644
index 0000000..02e48cb
--- /dev/null
+++ b/config/initializers/email_address.rb
@@ -0,0 +1,9 @@
+require 'hobo_fields/email_address'
+
+class HoboFields::EmailAddress
+  def to_html_with_escape(xmldoctype = true)
+    ERB::Util.h to_html_without_escape xmldoctype
+  end
+
+  alias_method_chain :to_html, :escape
+end
author	Petteri Räty <betelgeuse@gentoo.org>	2011-08-02 23:32:04 +0300
committer	Petteri Räty <betelgeuse@gentoo.org>	2011-08-02 23:32:24 +0300
commit	cf450f1e4f5f2317e64291487bfccd89a2b243bf (patch)
tree	6f5c27d827a49d61e8158ba3dd48f438cc10ad66 /config
parent	Don't show wrong unanswered questions count (diff)
download	recruiting-webapp-master.tar.gz recruiting-webapp-master.tar.bz2 recruiting-webapp-master.zip