From 6dbc8cb1725bde3368451fe1bb3fd30d1a55af3a Mon Sep 17 00:00:00 2001 From: daiao <358551898@qq.com> Date: Fri, 27 Mar 2020 10:24:24 +0800 Subject: [PATCH] =?UTF-8?q?=E9=98=B2=E6=AD=A2sql=E6=B3=A8=E5=85=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/helpers/application_helper.rb | 1 + app/views/graduation_topics/_graduation_comments.json.jbuilder | 2 +- app/views/messages/_message_detail.json.jbuilder | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 64c2f6e9f..49fbf4a39 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -12,6 +12,7 @@ module ApplicationHelper # xss共计问题 def content_safe content + return nil if content.nil? tags = %w( a abbr b bdo blockquote br caption cite code col colgroup dd del dfn dl dt em figcaption figure h1 h2 h3 h4 h5 h6 hgroup i img ins kbd li mark diff --git a/app/views/graduation_topics/_graduation_comments.json.jbuilder b/app/views/graduation_topics/_graduation_comments.json.jbuilder index 51551d95d..b9314aa25 100644 --- a/app/views/graduation_topics/_graduation_comments.json.jbuilder +++ b/app/views/graduation_topics/_graduation_comments.json.jbuilder @@ -3,7 +3,7 @@ json.author do end json.id message.id -json.content message.contents_show(identity) +json.content content_safe(message.contents_show(identity)) json.time time_from_now(message.created_at) json.hidden message.hidden # 主贴与子贴不一致 diff --git a/app/views/messages/_message_detail.json.jbuilder b/app/views/messages/_message_detail.json.jbuilder index 38532429f..35237f732 100644 --- a/app/views/messages/_message_detail.json.jbuilder +++ b/app/views/messages/_message_detail.json.jbuilder 
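Review bot: In app/helpers/application_helper.rb the visible tag allowlist admits `a` and `img`, so the XSS protection of `content_safe` depends on the attribute and URL-scheme restrictions, which lie outside this hunk (the method body continues past `mark`). Now that two JSON views rely on this helper, it is worth confirming that `href`/`src` are limited to safe schemes and that event-handler attributes are not allowed. The new guard covers nil input only, so the views will emit `null` for missing content, and that contract is undocumented. I would replace the existing one-line comment with something like `# Restricts user-supplied HTML to the tag allowlist below (XSS mitigation); returns nil when content is nil.` and write the guard as `return if content.nil?`.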
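Review bot: Sanitizing at each render site, as in `json.content content_safe(message.contents_show(identity))` in _graduation_comments.json.jbuilder (and the same pattern in messages/_message_detail.json.jbuilder), protects only the views that remember to call the helper. Any other partial, mailer or export that emits `contents_show` or `message_detail.content` would still return the stored markup unchanged; whether such call sites exist cannot be checked from this page. Consider applying the sanitizer in one place, for example inside `contents_show` or a model-level accessor, and adding a view or request spec asserting that a disallowed tag in stored content is absent from the JSON. The commit subject decodes to "prevent SQL injection", but the change is output sanitization and touches no query construction, so a reported SQL injection issue is presumably not addressed here.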
@@ -1,6 +1,6 @@
 json.partial! "messages/message_simple", message: message
 json.partial! "commons/like", message: message
-json.content message.message_detail.try(:content)
+json.content content_safe(message.message_detail.try(:content))
 json.author do
 json.partial! "users/user_simple", user: message.author
 end
\ No newline at end of file
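Review bot: On the changed `json.content` line, `message.message_detail.try(:content)` returns nil both when `message_detail` is missing and when the receiver does not respond to `content`, and the nil guard added to `content_safe` then passes that nil straight into the JSON. If only a missing association is expected, safe navigation states that intent and fails loudly on an unexpected receiver: `json.content content_safe(message.message_detail&.content)`.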