Commit fa4c7f76 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'escape-before-autolink' into 'master'

Escape before autolink

Because auto_link set description to html_safe but dont escape html!!! :(

See merge request !963
parents a019b49a 1218a5e6
...@@ -17,7 +17,7 @@ ...@@ -17,7 +17,7 @@
.col-md-7 .col-md-7
.project-home-desc .project-home-desc
- if @project.description.present? - if @project.description.present?
= auto_link @project.description, link: :urls = auto_link ERB::Util.html_escape(@project.description), link: :urls
- if can?(current_user, :admin_project, @project) - if can?(current_user, :admin_project, @project)
– –
%strong= link_to 'Edit', edit_project_path %strong= link_to 'Edit', edit_project_path
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment