[Nitro] Patch: escaping error messages by default

Aleksi Niemela Aleksi.Niemela at cs.helsinki.fi
Thu Sep 8 13:17:37 EDT 2005

I'm not sure CGI-lib is the way to go (below sanitize is used, but I 
don't know if that does the right thing for error messages), but here's a 
useful patch.

    - Aleksi

$ diff -u public/error.xhtml~ public/error.xhtml
--- public/error.xhtml~ 2005-08-27 00:39:22.414000000 +0300
+++ public/error.xhtml  2005-09-08 20:14:36.323125000 +0300
@@ -31,11 +31,13 @@

-<?r if Run.mode == :debug ?>
+<?r if Run.mode == :debug
+    require 'cgi'

     <?r  for error, path in @context.rendering_errors ?>
       <div class="path"><strong>Path:</strong> #{path}</div>
-      <div class="error"><strong>#{error.to_s}</strong></div>
+      <div 
       <div class="load">Click here to <strong><a 
       <div class="load">Click here to go to the <strong><a 
href="#{request.referer}">referer</a></strong> or the <stron
g><a href="/">home page</a></strong>.</div>
       <?r if error.respond_to?(:source_extract) ?>
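
Review bot: `#{path}` on the Path line and `#{request.referer}` inside the `href` attribute are still interpolated unescaped in this hunk; only the `error.to_s` line is touched. The referer is a client-supplied header and the path comes from the request, so both should go through the same escaping as the error text (with `require 'cgi'` already added, `CGI.escapeHTML(...)` would do) or the page still reflects request data as markup in debug mode. Two smaller points: the new `<?r if Run.mode == :debug` line has no closing `?>` visible before the next `<?r` opens, and the `require 'cgi'` would be better placed once at load time than inside the template's debug branch. The replacement for the `error.to_s` line is cut off at `<div` in this copy, so the escaping call itself cannot be checked here.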
