From 85c77ca074ddc9e019324bb38a416408560a7400 Mon Sep 17 00:00:00 2001
From: yanxd <sxty32@hotmail.com>
Date: Tue, 20 May 2014 15:37:05 +0800
Subject: [PATCH] xss, ckeditor js bug.

---
 app/views/memos/show.html.erb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/views/memos/show.html.erb b/app/views/memos/show.html.erb
index fcd10a011..91bb1387d 100644
--- a/app/views/memos/show.html.erb
+++ b/app/views/memos/show.html.erb
@@ -110,8 +110,7 @@
 					<%= link_to image_tag(url_to_avatar(reply.author), :class => "avatar"), user_path(reply.author) %>
 				</td>
 				<td class="comments">
-						<div class="reply_content" ><%=h reply.content.html_safe %></div>
-						<!-- <div class="wiki">< %=h reply.content.html_safe %></div> -->
+						<div class="reply_content" ><%=h sanitize(reply.content.html_safe) %></div>
 						<p>
 							<% if reply.attachments.any?%>
 							<% options = {:author => true, :deletable => reply.deleted_attach_able_by?(User.current) } %>
@@ -144,6 +143,7 @@
 
 <script type="text/javascript">
 jQuery(document).ready(function($) {
-	transpotUrl('#main');
+	transpotUrl('.lz');
+	transpotUrl('.replies');
 });
 </script>
\ No newline at end of file