author | Robin Houston <robin.houston@gmail.com> | 2012-01-11 17:13:51 +0000 |
---|---|---|
committer | Robin Houston <robin.houston@gmail.com> | 2012-01-11 17:13:51 +0000 |
commit | f098a984efacc9cb486991e9ea2da206cf853c6e (patch) | |
tree | bd170497252fbe43c916af82261bd28aad8d1a98 | |
parent | 8f2fa1ee943d5c85b67e5817b3eb2dfd31e87821 (diff) |
Escape error details to avoid XSS potential
-rw-r--r-- | app/views/general/exception_caught.rhtml | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/views/general/exception_caught.rhtml b/app/views/general/exception_caught.rhtml
index b266b53a1..5f0dfe13d 100644
--- a/app/views/general/exception_caught.rhtml
+++ b/app/views/general/exception_caught.rhtml
@@ -19,6 +19,6 @@
 <% end %>
 <h2><%= _('Technical details') %></h2>
- <p><strong><%=@exception_class ? @exception_class : _("Unknown")%></strong></p>
- <p><strong><%=@exception_message %></strong></p>
+ <p><strong><%= h(@exception_class ? @exception_class : _("Unknown")) %></strong></p>
+ <p><strong><%= h(@exception_message) %></strong></p>
 </div> |
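Review bot: Nothing in this commit pins the escaping on the two `<%= h(...) %>` lines under "Technical details": the diffstat shows only the view changed, so a later template edit could reintroduce raw output without any test failing. A view or controller spec that renders this page with an exception message containing markup (a constructed sample such as `<b>x</b>`) and asserts that the body contains `&lt;b&gt;` would guard the fix. The rest of the template lies outside the hunk, and since the old lines show `<%= %>` emitting these values unescaped, any other interpolation in this view deserves the same `h(...)` check. As a small style point, the first added line reads more simply as `<%= h(@exception_class || _("Unknown")) %>`.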