fix history xss

2014-10-31 13:55:28 +01:00 · 2014-10-31 13:55:28 +01:00 · ffe15c436b
parent 969b79642c
commit ffe15c436b
1 changed files with 6 additions and 6 deletions
--- a/app/coffee/modules/common/history.coffee
+++ b/app/coffee/modules/common/history.coffee
@ -84,11 +84,11 @@ HistoryDirective = ($log, $loading) ->
        <div class="activity-fromto">
            <p>
                <strong> from </strong> <br />
-                <span><%= point[0] %></span>
+                <span><%- point[0] %></span>
            </p>
            <p>
                <strong> to </strong> <br />
-                <span><%= point[1] %></span>
+                <span><%- point[1] %></span>
            </p>
        </div>
    </div>
@ -103,11 +103,11 @@ HistoryDirective = ($log, $loading) ->
        <div class="activity-fromto">
            <p>
                <strong> from </strong> <br />
-                <span><%= from %></span>
+                <span><%- from %></span>
            </p>
            <p>
                <strong> to </strong> <br />
-                <span><%= to %></span>
+                <span><%- to %></span>
            </p>
        </div>
    </div>
@ -121,11 +121,11 @@ HistoryDirective = ($log, $loading) ->
            <% _.each(diff, function(change) { %>
                <p>
                    <strong><%= change.name %> from </strong> <br />
-                    <span><%= change.from %></span>
+                    <span><%- change.from %></span>
                </p>
                <p>
                    <strong><%= change.name %> to </strong> <br />
-                    <span><%= change.to %></span>
+                    <span><%- change.to %></span>
                </p>
            <% }) %>
        </div>