Fixed a Cross Site Scripting (XSS) issue

myapnea · Apr 23, 2022 · 9993425 · 9993425
1 parent a9d9610
commit 9993425
Show file tree

Hide file tree

Showing 6 changed files with 7 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,8 @@
 ## 29.1.0
 
 ### Enhancements
+- **Security Changes**
+  - Fixed a Cross Site Scripting (XSS) issue
 - **Gem Changes**
   - Update to Ruby 3.1.2
 

diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml
@@ -9,7 +9,7 @@
     = render "layouts/meta/google"
     -# Don't cache any pages
     %meta{ name: "turbolinks-cache-control", content: "no-cache" }
-    %title= [@title, "MyApnea"].compact.join(" - ").html_safe
+    %title= [@title, "MyApnea"].compact.join(" - ")
     = favicon_link_tag
     = auto_discovery_link_tag(:rss, "#{ENV["website_url"]}/blog.atom")
     = csrf_meta_tags

diff --git a/app/views/layouts/full_page.html.haml b/app/views/layouts/full_page.html.haml
@@ -9,7 +9,7 @@
     = render "layouts/meta/google"
     -# Don't cache any pages
     %meta{ name: "turbolinks-cache-control", content: "no-cache" }
-    %title= [@title, "MyApnea"].compact.join(" - ").html_safe
+    %title= [@title, "MyApnea"].compact.join(" - ")
     = favicon_link_tag
     = auto_discovery_link_tag(:rss, "#{ENV["website_url"]}/blog.atom")
     = csrf_meta_tags

diff --git a/app/views/layouts/full_page_custom_header.html.haml b/app/views/layouts/full_page_custom_header.html.haml
@@ -9,7 +9,7 @@
     = render "layouts/meta/google"
     -# Don't cache any pages
     %meta{ name: "turbolinks-cache-control", content: "no-cache" }
-    %title= [@title, "MyApnea"].compact.join(" - ").html_safe
+    %title= [@title, "MyApnea"].compact.join(" - ")
     = favicon_link_tag
     = auto_discovery_link_tag(:rss, "#{ENV["website_url"]}/blog.atom")
     = csrf_meta_tags

diff --git a/app/views/layouts/full_page_no_header.haml b/app/views/layouts/full_page_no_header.haml
@@ -9,7 +9,7 @@
     = render "layouts/meta/google"
     -# Don't cache any pages
     %meta{ name: "turbolinks-cache-control", content: "no-cache" }
-    %title= [@title, "MyApnea"].compact.join(" - ").html_safe
+    %title= [@title, "MyApnea"].compact.join(" - ")
     = favicon_link_tag
     = auto_discovery_link_tag(:rss, "#{ENV["website_url"]}/blog.atom")
     = csrf_meta_tags

diff --git a/app/views/layouts/full_page_sidebar.html.haml b/app/views/layouts/full_page_sidebar.html.haml
@@ -9,7 +9,7 @@
     = render "layouts/meta/google"
     -# Don't cache any pages
     %meta{ name: "turbolinks-cache-control", content: "no-cache" }
-    %title= [@title, "MyApnea"].compact.join(" - ").html_safe
+    %title= [@title, "MyApnea"].compact.join(" - ")
     = favicon_link_tag
     = auto_discovery_link_tag(:rss, "#{ENV["website_url"]}/blog.atom")
     = csrf_meta_tags