From 99934258530d761bd5d09809bfa6c14b598f8d18 Mon Sep 17 00:00:00 2001
From: Remo Mueller
Date: Sat, 23 Apr 2022 13:44:11 -0400
Subject: [PATCH] Fixed a Cross Site Scripting (XSS) issue
---
 CHANGELOG.md | 2 ++
 app/views/layouts/application.html.haml | 2 +-
 app/views/layouts/full_page.html.haml | 2 +-
 app/views/layouts/full_page_custom_header.html.haml | 2 +-
 app/views/layouts/full_page_no_header.haml | 2 +-
 app/views/layouts/full_page_sidebar.html.haml | 2 +-
 6 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6d38f650..721df994 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,8 @@
 ## 29.1.0
 ### Enhancements
+- **Security Changes**
+ - Fixed a Cross Site Scripting (XSS) issue
 - **Gem Changes**
 - Update to Ruby 3.1.2
diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml
index 4fd6f0bb..f58705f2 100644
--- a/app/views/layouts/application.html.haml
+++ b/app/views/layouts/application.html.haml
@@ -9,7 +9,7 @@
 = render "layouts/meta/google"
 -# Don't cache any pages
 %meta{ name: "turbolinks-cache-control", content: "no-cache" }
- %title= [@title, "MyApnea"].compact.join(" - ").html_safe
+ %title= [@title, "MyApnea"].compact.join(" - ")
 = favicon_link_tag
 = auto_discovery_link_tag(:rss, "#{ENV["website_url"]}/blog.atom")
 = csrf_meta_tags
diff --git a/app/views/layouts/full_page.html.haml b/app/views/layouts/full_page.html.haml
index 5b508bda..251508e2 100644
--- a/app/views/layouts/full_page.html.haml
+++ b/app/views/layouts/full_page.html.haml
@@ -9,7 +9,7 @@
 = render "layouts/meta/google"
 -# Don't cache any pages
 %meta{ name: "turbolinks-cache-control", content: "no-cache" }
- %title= [@title, "MyApnea"].compact.join(" - ").html_safe
+ %title= [@title, "MyApnea"].compact.join(" - ")
 = favicon_link_tag
 = auto_discovery_link_tag(:rss, "#{ENV["website_url"]}/blog.atom")
 = csrf_meta_tags
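Review bot: The `%title=` line in app/views/layouts/application.html.haml is repeated verbatim in full_page.html.haml, full_page_custom_header.html.haml, full_page_no_header.haml and full_page_sidebar.html.haml, so the escaping decision for `@title` lives in five places and `.html_safe` had to be removed from each one separately. Moving the expression into one helper, for example `def page_title = [@title, "MyApnea"].compact.join(" - ")` used as `%title= page_title`, would keep a later edit to a single layout from reintroducing the escaping bypass. The patch also carries no test; a view or request spec that sets a title containing `<` and asserts it is rendered as `&lt;` would pin the fix. Where `@title` is assigned is outside these hunks, so it is worth confirming that no caller stores already-escaped entities, which would now display double-escaped.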
diff --git a/app/views/layouts/full_page_custom_header.html.haml b/app/views/layouts/full_page_custom_header.html.haml
index 9c1eff3c..83aaada6 100644
--- a/app/views/layouts/full_page_custom_header.html.haml
+++ b/app/views/layouts/full_page_custom_header.html.haml
@@ -9,7 +9,7 @@
 = render "layouts/meta/google"
 -# Don't cache any pages
 %meta{ name: "turbolinks-cache-control", content: "no-cache" }
- %title= [@title, "MyApnea"].compact.join(" - ").html_safe
+ %title= [@title, "MyApnea"].compact.join(" - ")
 = favicon_link_tag
 = auto_discovery_link_tag(:rss, "#{ENV["website_url"]}/blog.atom")
 = csrf_meta_tags
diff --git a/app/views/layouts/full_page_no_header.haml b/app/views/layouts/full_page_no_header.haml
index cdfcaf92..60be9869 100644
--- a/app/views/layouts/full_page_no_header.haml
+++ b/app/views/layouts/full_page_no_header.haml
@@ -9,7 +9,7 @@
 = render "layouts/meta/google"
 -# Don't cache any pages
 %meta{ name: "turbolinks-cache-control", content: "no-cache" }
- %title= [@title, "MyApnea"].compact.join(" - ").html_safe
+ %title= [@title, "MyApnea"].compact.join(" - ")
 = favicon_link_tag
 = auto_discovery_link_tag(:rss, "#{ENV["website_url"]}/blog.atom")
 = csrf_meta_tags
diff --git a/app/views/layouts/full_page_sidebar.html.haml b/app/views/layouts/full_page_sidebar.html.haml
index 2e279c14..2b8b7814 100644
--- a/app/views/layouts/full_page_sidebar.html.haml
+++ b/app/views/layouts/full_page_sidebar.html.haml
@@ -9,7 +9,7 @@
 = render "layouts/meta/google"
 -# Don't cache any pages
 %meta{ name: "turbolinks-cache-control", content: "no-cache" }
- %title= [@title, "MyApnea"].compact.join(" - ").html_safe
+ %title= [@title, "MyApnea"].compact.join(" - ")
 = favicon_link_tag
 = auto_discovery_link_tag(:rss, "#{ENV["website_url"]}/blog.atom")
 = csrf_meta_tags