use h() to avoid XSS in usernames
index 3d0d2d0bf754651115639df4569368d6ef8d919e..470d60e8f2c1693a90f0fcf40c6c521df008e2a6 100644 (file)
@@ -1,4 +1,4 @@
-<h1><%= t('user_block.new.title', :name => @this_user.display_name) %></h1>
+<h1><%= t('user_block.new.title', :name => h(@this_user.display_name)) %></h1>
 
 <% form_for(@user_block) do |f| %>
   <%= f.error_messages %>
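Review bot: The escape is applied to the interpolated argument rather than to the `t()` result, which is the right spot only while the `user_block.new.title` text itself comes from trusted locale files; if that string were ever user-editable it would still reach the page unescaped. The `<% form_for(@user_block) do |f| %>` on the next line (no `=`) suggests a Rails 2.x template, where ERB does not auto-escape output, so the `h()` is needed here; on an upgrade to auto-escaping views this same call would double-escape the name (`&amp;lt;`), so a one-line comment such as `<%# display_name is user-chosen; h() is required because t() output is not auto-escaped here %>` would save the next maintainer from removing or duplicating it. The same `:name => @this_user.display_name` interpolation very likely exists in the sibling user_blocks views and in other templates that pass a display name into `t()`, and this commit fixes only this one file; a grep for `display_name` inside `t(` calls would find the rest. A functional test that renders this page for a user whose display_name is `<script>` and asserts the title contains `&lt;script&gt;` would keep the fix from regressing.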