sanitize() flash messages

2023-04-05 23:25:50 +02:00
parent 803d9063d5
commit 155bf716e5
1 changed files with 1 additions and 1 deletions
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -21,7 +21,7 @@
    <div class="flashes">
      <% flash.each do |entry, message| %>
        <div class="flash <%= entry %>">
-          <div><%= message %></div>
+          <div><%= sanitize message %></div>
          <button onclick="this.parentElement.style.display='none';">&times;</button>
        </div>
      <% end %>