X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/0c90905495a5d9fd40282456b4d4098da6adda48..19a57c97b16d2dae962739f49732c081acaf3202:/app/views/site/index.rhtml
diff --git a/app/views/site/index.rhtml b/app/views/site/index.rhtml
index 98ab2ff1a..94b24debf 100644
--- a/app/views/site/index.rhtml
+++ b/app/views/site/index.rhtml
@@ -28,30 +28,30 @@ by the OpenStreetMap project and it's contributors.
<% if params['mlon'] and params['mlat'] %>
<% marker = true %>
-<% mlon = params['mlon'] %>
-<% mlat = params['mlat'] %>
+<% mlon = h(params['mlon']) %>
+<% mlat = h(params['mlat']) %>
<% end %>
<% if params['minlon'] and params['minlat'] and params['maxlon'] and params['maxlat'] %>
<% bbox = true %>
-<% minlon = params['minlon'] %>
-<% minlat = params['minlat'] %>
-<% maxlon = params['maxlon'] %>
-<% maxlat = params['maxlat'] %>
+<% minlon = h(params['minlon']) %>
+<% minlat = h(params['minlat']) %>
+<% maxlon = h(params['maxlon']) %>
+<% maxlat = h(params['maxlat']) %>
<% end %>
<% if params['lon'] and params['lat'] %>
-<% lon = params['lon'] %>
-<% lat = params['lat'] %>
-<% zoom = params['zoom'] || '5' %>
-<% layers = params['layers'] %>
+<% lon = h(params['lon']) %>
+<% lat = h(params['lat']) %>
+<% zoom = h(params['zoom'] || '5') %>
+<% layers = h(params['layers']) %>
<% elsif params['mlon'] and params['mlat'] %>
-<% lon = params['mlon'] %>
-<% lat = params['mlat'] %>
-<% zoom = params['zoom'] || '12' %>
-<% layers = params['layers'] %>
+<% lon = h(params['mlon']) %>
+<% lat = h(params['mlat']) %>
+<% zoom = h(params['zoom'] || '12') %>
+<% layers = h(params['layers']) %>
<% elsif cookies.key?("location") %>
-<% lon,lat,zoom,layers = cookies["location"].value.first.split(",") %>
+<% lon,lat,zoom,layers = cookies["location"].split(",") %>
<% elsif @user and !@user.home_lon.nil? and !@user.home_lat.nil? %>
<% lon = @user.home_lon %>
<% lat = @user.home_lat %>
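Review bot: The cookie branch, `lon,lat,zoom,layers = cookies["location"].split(",")`, is the one request-derived source this change leaves unescaped, although a cookie is as client-controlled as the query parameters now wrapped in `h()`. To stay consistent it could read `<% lon,lat,zoom,layers = cookies["location"].split(",").map { |v| h(v) } %>`. Where these variables are emitted is outside the hunk; if they land inside an inline script rather than HTML markup, entity escaping is the wrong encoding for that context, and validating `lon`, `lat` and `zoom` as numbers (and `layers` against its expected character set) would be the more robust guard. Also, `h(params['layers'])` presumably turns a missing parameter into an empty string instead of `nil`, which matters if later code tests `layers` for `nil`. The enclosing if/elsif chain starts and ends outside this hunk.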
@@ -67,39 +67,38 @@ by the OpenStreetMap project and it's contributors.
<% else %>
<% lon = '-0.1' %>
<% lat = '51.5' %>
-<% zoom = params['zoom'] || '5' %>
-<% layers = params['layers'] %>
+<% zoom = h(params['zoom'] || '5') %>
+<% layers = h(params['layers']) %>
<% end %>
<% end %>
-
+<%= javascript_include_tag '/openlayers/OpenLayers.js' %>
+<%= javascript_include_tag '/openlayers/OpenStreetMap.js' %>
<%= javascript_include_tag 'map.js' %>
-