Fixed xss issue

Snorby · Jul 1, 2015 · 89d7cbc · 89d7cbc
1 parent 31d3ef5
commit 89d7cbc
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/app/views/events/_menu.html.erb b/app/views/events/_menu.html.erb
@@ -2,9 +2,9 @@
 
 	<% @classifications.each do |cls| %>
 		<% if cls.locked && cls.hotkey %>
-			<%= drop_down_item "#{cls.name}<span class='shortcut'>#{cls.shortcut}</span>", '#', nil, { :class => 'classification', :"data-classification-id" => cls.id.to_i } %>
+			<%= drop_down_item "#{sanitize cls.name}<span class='shortcut'>#{cls.shortcut}</span>", '#', nil, { :class => 'classification', :"data-classification-id" => cls.id.to_i } %>
 		<% else %>
-			<%= drop_down_item "#{cls.name}", '#', nil, { :class => 'classification', :"data-classification-id" => cls.id.to_i } %>
+			<%= drop_down_item "#{sanitize cls.name}", '#', nil, { :class => 'classification', :"data-classification-id" => cls.id.to_i } %>
 		<% end %>
 	<% end %>