diff options
| author | Matthew Somerville <matthew@mysociety.org> | 2019-11-26 17:09:56 +0000 |
|---|---|---|
| committer | Matthew Somerville <matthew@mysociety.org> | 2019-12-09 09:38:03 +0000 |
| commit | 6c2d3d5a7d84521d34daa2cf7e4be76a54b3b0e0 (patch) | |
| tree | 75ef8cd6e1df444572ae5ec3a4048e6c3366a088 /perllib/FixMyStreet/DB/Result/ModerationOriginalData.pm | |
| parent | a4290acdff6781979cc3cd7c0142d553236e5666 (diff) | |
Switch to default-escaped in templates.
This means any variable used in a template is automatically
HTML-escaped, unless it is marked as safe either in code by
using a SafeString, or in the template with the `mark_safe`
function or the `safe` filter.
Diffstat (limited to 'perllib/FixMyStreet/DB/Result/ModerationOriginalData.pm')
| -rw-r--r-- | perllib/FixMyStreet/DB/Result/ModerationOriginalData.pm | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/perllib/FixMyStreet/DB/Result/ModerationOriginalData.pm b/perllib/FixMyStreet/DB/Result/ModerationOriginalData.pm index 18d2a7683..1805e1fd2 100644 --- a/perllib/FixMyStreet/DB/Result/ModerationOriginalData.pm +++ b/perllib/FixMyStreet/DB/Result/ModerationOriginalData.pm @@ -74,6 +74,7 @@ __PACKAGE__->belongs_to( # DO NOT MODIFY THIS OR ANYTHING ABOVE! md5sum:FLKiZELcfBcc9VwHU2MZYQ use Moo; +use FixMyStreet::Template::SafeString; use Text::Diff; use Data::Dumper; @@ -147,11 +148,12 @@ sub compare_photo { push @deleted, $diff->Items(1); push @added, $diff->Items(2); } - return (join ', ', map { + my $s = (join ', ', map { "<del style='background-color:#fcc'>$_</del>"; } @deleted) . (join ', ', map { "<ins style='background-color:#cfc'>$_</ins>"; } @added); + return FixMyStreet::Template::SafeString->new($s); } sub compare_extra { @@ -212,7 +214,7 @@ sub string_diff { $string .= $inserted; } } - return $string; + return FixMyStreet::Template::SafeString->new($string); } 1; |