Merge remote-tracking branch 'openaustralia_github/various_xss_escaping_fixes' into release/0.7

author: Louise Crow <louise.crow@gmail.com> 2013-02-11 17:24:12 +0000
committer: Louise Crow <louise.crow@gmail.com> 2013-02-11 17:24:12 +0000
commit: 92093c41d51ed263636fec057d138713ea103b28 (patch)
tree: c367ae6626fcd0bf64cb6034a92afbf33aba018a /app/models/user.rb
parent: eb2b49efb6768ad2c43e762017061972f0c1643f (diff)
parent: edb4657629002d8184cc1cd130737143a08049de (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 617b51c60..e6c666e47 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -354,12 +354,13 @@ class User < ActiveRecord::Base
     end
 
     # Return about me text for display as HTML
+    # TODO: Move this to a view helper
     def get_about_me_for_html_display
         text = self.about_me.strip
         text = CGI.escapeHTML(text)
         text = MySociety::Format.make_clickable(text, :contract => 1)
         text = text.gsub(/\n/, '<br>')
-        return text
+        return text.html_safe
     end
 
     def json_for_api
author	Louise Crow <louise.crow@gmail.com>	2013-02-11 17:24:12 +0000
committer	Louise Crow <louise.crow@gmail.com>	2013-02-11 17:24:12 +0000
commit	92093c41d51ed263636fec057d138713ea103b28 (patch)
tree	c367ae6626fcd0bf64cb6034a92afbf33aba018a /app/models/user.rb
parent	eb2b49efb6768ad2c43e762017061972f0c1643f (diff)
parent	edb4657629002d8184cc1cd130737143a08049de (diff)