[Nitro] Patch: escaping error messages by default

George Moschovitis george.moschovitis at gmail.com
Fri Sep 9 02:20:24 EDT 2005


thanks,

-g.

On 9/8/05, Aleksi Niemela <Aleksi.Niemela at cs.helsinki.fi> wrote:
> I'm not sure CGI-lib is the way to go (below sanitize is used, but I
> don't know if that does the right thing for error message), but here's a
> useful patch.
> 
>     - Aleksi
> 
> 
> $ diff -u public/error.xhtml~ public/error.xhtml
> --- public/error.xhtml~ 2005-08-27 00:39:22.414000000 +0300
> +++ public/error.xhtml  2005-09-08 20:14:36.323125000 +0300
> @@ -31,11 +31,13 @@
>    <body>
>      <h1>Error</h1>
> 
> -<?r if Run.mode == :debug ?>
> +<?r if Run.mode == :debug
> +    require 'cgi'
> +?>
> 
>      <?r  for error, path in @context.rendering_errors ?>
>        <div class="path"><strong>Path:</strong> #{path}</div>
> -      <div class="error"><strong>#{error.to_s}</strong></div>
> +      <div
> class="error"><strong>#{CGI::escapeHTML(error.to_s)}</strong></div>
>        <div class="load">Click here to <strong><a
> href="#{request.uri}">reload</a></strong>.</div>
>        <div class="load">Click here to go to the <strong><a
> href="#{request.referer}">referer</a></strong> or the <stron
> g><a href="/">home page</a></strong>.</div>
>        <?r if error.respond_to?(:source_extract) ?>
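Review bot: The escaping is applied only to error.to_s, while the other interpolations in the same loop stay raw: #{path} on the line above, and the two href attributes built from #{request.uri} and #{request.referer}. The latter two come straight from the request, so they warrant the same treatment as the error message. Wrapping them in CGI::escapeHTML would cover them; it also escapes the double quote, so it is safe to use inside the quoted href values. Separately, require 'cgi' sits inside the <?r if Run.mode == :debug ... ?> block, so the library load is re-evaluated on every render of this template. Requiring it once where the framework loads its other dependencies would keep the template free of load-time concerns.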
> 
> 


-- 
http://www.gmosx.com
http://www.navel.gr
http://www.nitrohq.com



