diff options
| author | Benjamin Kellermann <Benjamin.Kellermann@gmx.de> | 2016-04-14 22:44:44 +0200 |
|---|---|---|
| committer | Benjamin Kellermann <Benjamin.Kellermann@gmx.de> | 2016-04-14 22:44:44 +0200 |
| commit | 50e5dbbf4b6fd1593396437ef05d8e6902c0f17c (patch) | |
| tree | 6af622965355d6dfe7b9a825ecb78f6d9bc2d2d0 /timepollhead.rb | |
| parent | 22d6497150e41d309b990334b8ad593b3917c4dc (diff) | |
Bugfix for & in participant names
- Store real string every time
- do sanitization when strings are printed to html
Closes: #16
Diffstat (limited to '')
| -rw-r--r-- | timepollhead.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/timepollhead.rb b/timepollhead.rb index 6341537..da48518 100644 --- a/timepollhead.rb +++ b/timepollhead.rb @@ -157,7 +157,7 @@ SORTSYMBOL ret += "<th class='invisible'></th></tr><tr><th colspan='2'><a href='?sort=name'>" + _("Name") + " #{sortsymb(scols,"name")}</a></th>" @data.sort.each{|date| - ret += "<th><a title=\"#{CGI.escapeHTML(date.to_s)}\" href=\"?sort=#{CGI.escape(CGI.escapeHTML(date.to_s))}\">#{CGI.escapeHTML(date.time_to_s)} #{sortsymb(scols,date.to_s)}</a></th>\n" + ret += "<th><a title=\"#{CGI.escapeHTML(date.to_s)}\" href=\"?sort=#{CGI.escape(date.to_s)}\">#{CGI.escapeHTML(date.time_to_s)} #{sortsymb(scols,date.to_s)}</a></th>\n" } ret += "<th><a href='?'>" + _("Last Edit") + " #{sortsymb(scols,"timestamp")}</a></th>\n</tr>\n" ret |