From cf450f1e4f5f2317e64291487bfccd89a2b243bf Mon Sep 17 00:00:00 2001
From: Petteri Räty
Date: Tue, 2 Aug 2011 23:32:04 +0300
Subject: Fix two XSS injections The EmailAddress problem was submitted upstream to hobo.
---
config/initializers/email_address.rb | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 config/initializers/email_address.rb
(limited to 'config')
diff --git a/config/initializers/email_address.rb b/config/initializers/email_address.rb
new file mode 100644
index 0000000..02e48cb
--- /dev/null
+++ b/config/initializers/email_address.rb
@@ -0,0 +1,9 @@
+require 'hobo_fields/email_address'
+
+class HoboFields::EmailAddress
+ def to_html_with_escape(xmldoctype = true)
+ ERB::Util.h to_html_without_escape xmldoctype
+ end
+
+ alias_method_chain :to_html, :escape
+end
--
cgit v1.2.3-65-gdbad
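Review bot: The new initializer reopens `HoboFields::EmailAddress` without any comment saying it is a temporary workaround for an upstream hobo bug, so nothing in the file tells a later maintainer when it can be deleted. If a future hobo release escapes inside `to_html` itself, this wrapper could escape a second time and render doubled entities such as `&amp;lt;`, depending on whether the value is marked HTML-safe. I would add above the class something like `# Workaround: HoboFields::EmailAddress#to_html does not HTML-escape its value (XSS). Reported upstream; remove once the bundled hobo includes the fix.` The wrapper only covers `to_html`, so any view that prints the address through another path would still need its own escaping, which cannot be checked from this hunk. A regression spec asserting that an address containing markup comes back escaped from `to_html` would catch both a lost fix and double escaping after a hobo upgrade.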