Merge remote-tracking branch 'openaustralia_github/xss_escaping_fixes' into develop

author: Louise Crow <louise.crow@gmail.com> 2013-02-01 16:39:53 +0000
committer: Louise Crow <louise.crow@gmail.com> 2013-02-01 16:39:53 +0000
commit: 63d576de4309b527a2a7ed4fc8f5cf43cae0538b (patch)
tree: 8e169a92a570858cd6be1ccc642c8f9f6bb1edb7 /app/helpers/application_helper.rb
parent: 39f74e92f0785eb3da2001d93682b8d1aadd35d5 (diff)
parent: f077394dc1130df36a7f17784eaac5c79c60df24 (diff)
1 files changed, 3 insertions, 6 deletions
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index b9ba712a4..42f9d30f1 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -54,15 +54,12 @@ module ApplicationHelper
     # Highlight words, also escapes HTML (other than spans that we add)
     def highlight_words(t, words, html = true)
         if html
-            t = h(t)
-        end
-        if html
-            t = highlight(t, words, '<span class="highlight">\1</span>')
+            highlight(h(t), words, '<span class="highlight">\1</span>').html_safe
         else
-            t = highlight(t, words, '*\1*')
+            highlight(t, words, '*\1*')
         end
-        return t
     end
+
     def highlight_and_excerpt(t, words, excount, html = true)
         newt = excerpt(t, words[0], excount)
         if not newt
author	Louise Crow <louise.crow@gmail.com>	2013-02-01 16:39:53 +0000
committer	Louise Crow <louise.crow@gmail.com>	2013-02-01 16:39:53 +0000
commit	63d576de4309b527a2a7ed4fc8f5cf43cae0538b (patch)
tree	8e169a92a570858cd6be1ccc642c8f9f6bb1edb7 /app/helpers/application_helper.rb
parent	39f74e92f0785eb3da2001d93682b8d1aadd35d5 (diff)
parent	f077394dc1130df36a7f17784eaac5c79c60df24 (diff)