[Nitro] Patch: escaping error messages by default
George Moschovitis
george.moschovitis at gmail.com
Fri Sep 9 02:20:24 EDT 2005
thanks,
-g.
On 9/8/05, Aleksi Niemela <Aleksi.Niemela at cs.helsinki.fi> wrote:
> I'm not sure CGI-lib is the way to go (below sanitize is used, but I
> don't know if that does the right thing for error message), but here's a
> useful patch.
>
> - Aleksi
>
>
> $ diff -u public/error.xhtml~ public/error.xhtml
> --- public/error.xhtml~ 2005-08-27 00:39:22.414000000 +0300
> +++ public/error.xhtml 2005-09-08 20:14:36.323125000 +0300
> @@ -31,11 +31,13 @@
> <body>
> <h1>Error</h1>
>
> -<?r if Run.mode == :debug ?>
> +<?r if Run.mode == :debug
> + require 'cgi'
> +?>
>
> <?r for error, path in @context.rendering_errors ?>
> <div class="path"><strong>Path:</strong> #{path}</div>
> - <div class="error"><strong>#{error.to_s}</strong></div>
> + <div
> class="error"><strong>#{CGI::escapeHTML(error.to_s)}</strong></div>
> <div class="load">Click here to <strong><a
> href="#{request.uri}">reload</a></strong>.</div>
> <div class="load">Click here to go to the <strong><a
> href="#{request.referer}">referer</a></strong> or the <stron
> g><a href="/">home page</a></strong>.</div>
> <?r if error.respond_to?(:source_extract) ?>
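Review bot: the context lines around the changed `error` div still interpolate `#{path}`, `#{request.uri}` and `#{request.referer}` without escaping, so only one of the four request-influenced values on this page is covered by the fix. The referer in particular comes straight from a client-supplied header. I would wrap all three in `CGI::escapeHTML` as well, and for the two `href` values also check that the URL is relative or http(s) before emitting it, since HTML escaping alone does not constrain the URL scheme. Separately, `require 'cgi'` sits inside the `<?r if Run.mode == :debug` block of the template; loading it once at framework startup would keep the template free of requires and make the escaping helper available outside debug mode too.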
>
> _______________________________________________
> Nitro-general mailing list
> Nitro-general at rubyforge.org
> http://rubyforge.org/mailman/listinfo/nitro-general
>
--
http://www.gmosx.com
http://www.navel.gr
http://www.nitrohq.com