diff options
-rw-r--r-- | web/lib/api/v4/relation.rb | 10 | ||||
-rw-r--r-- | web/lib/utils.rb | 12 | ||||
-rw-r--r-- | web/public/js/taginfo.js | 2 | ||||
-rw-r--r-- | web/viewsjs/key.js.erb | 4 | ||||
-rw-r--r-- | web/viewsjs/relation.js.erb | 2 | ||||
-rw-r--r-- | web/viewsjs/tag.js.erb | 2 |
6 files changed, 16 insertions, 16 deletions
diff --git a/web/lib/api/v4/relation.rb b/web/lib/api/v4/relation.rb index 9cc8137..4fdd936 100644 --- a/web/lib/api/v4/relation.rb +++ b/web/lib/api/v4/relation.rb @@ -132,11 +132,11 @@ class Taginfo < Sinatra::Base res = @db.execute('SELECT * FROM wiki.relation_pages LEFT OUTER JOIN wiki.wiki_images USING (image) WHERE rtype = ? ORDER BY lang', rtype) return res.map{ |row| { - :lang => h(row['lang']), - :language => h(::Language[row['lang']].native_name), - :language_en => h(::Language[row['lang']].english_name), - :title => h(row['title']), - :description => h(row['description']), + :lang => row['lang'], + :language => ::Language[row['lang']].native_name, + :language_en => ::Language[row['lang']].english_name, + :title => row['title'], + :description => row['description'], :image => { :title => row['image'], :width => row['width'].to_i, diff --git a/web/lib/utils.rb b/web/lib/utils.rb index 34f3d48..c220913 100644 --- a/web/lib/utils.rb +++ b/web/lib/utils.rb @@ -140,11 +140,11 @@ end # Used in wiki api calls def get_wiki_result(res) return res.map{ |row| { - :lang => h(row['lang']), - :language => h(::Language[row['lang']].native_name), - :language_en => h(::Language[row['lang']].english_name), - :title => h(row['title']), - :description => h(row['description']), + :lang => row['lang'], + :language => ::Language[row['lang']].native_name, + :language_en => ::Language[row['lang']].english_name, + :title => row['title'], + :description => row['description'], :image => { :title => row['image'], :width => row['width'].to_i, @@ -175,7 +175,7 @@ def get_josm_style_rules_result(total, res) :key => row['k'], :value => row['v'], :value_bool => row['b'], - :rule => h(row['rule']), + :rule => row['rule'], :area_color => row['area_color'] ? h(row['area_color'].sub(/^.*#/, '#')) : '', :line_color => row['line_color'] ? h(row['line_color'].sub(/^.*#/, '#')) : '', :line_width => row['line_width'] ? row['line_width'].to_i : 0, diff --git a/web/public/js/taginfo.js b/web/public/js/taginfo.js index 39ea6b0..8afdb50 100644 --- a/web/public/js/taginfo.js +++ b/web/public/js/taginfo.js @@ -197,7 +197,7 @@ function link_to_wiki(title, options) { return link( url_for_wiki(title, options), - title, + html_escape(title), { target: '_blank', 'class': 'extlink' } ); } diff --git a/web/viewsjs/key.js.erb b/web/viewsjs/key.js.erb index b9c6763..e2a53bd 100644 --- a/web/viewsjs/key.js.erb +++ b/web/viewsjs/key.js.erb @@ -49,7 +49,7 @@ var create_flexigrid_for = { hover_expand(link_to_value(key, row.value)), fmt_value_with_percent(row.count, row.fraction), fmt_checkmark(row.in_wiki), - row.description + html_escape(row.description) ] }; }); delete data.data; @@ -105,7 +105,7 @@ var create_flexigrid_for = { return { 'cell': [ fmt_language(row.lang, row.language, row.language_en), link_to_wiki(row.title), - row.description, + html_escape(row.description), fmt_wiki_image_popup(row.image), fmt_type_icon('node', row.on_node) + fmt_type_icon('way', row.on_way) + diff --git a/web/viewsjs/relation.js.erb b/web/viewsjs/relation.js.erb index 4e9544a..f0f6bb4 100644 --- a/web/viewsjs/relation.js.erb +++ b/web/viewsjs/relation.js.erb @@ -75,7 +75,7 @@ var create_flexigrid_for = { return { 'cell': [ fmt_language(row.lang, row.language, row.language_en), link_to_wiki(row.title), - row.description, + html_escape(row.description), fmt_wiki_image_popup(row.image) ]}; }) diff --git a/web/viewsjs/tag.js.erb b/web/viewsjs/tag.js.erb index 85c168a..f71990d 100644 --- a/web/viewsjs/tag.js.erb +++ b/web/viewsjs/tag.js.erb @@ -85,7 +85,7 @@ var create_flexigrid_for = { return { 'cell': [ fmt_language(row.lang, row.language, row.language_en), link_to_wiki(row.title), - row.description, + html_escape(row.description), fmt_wiki_image_popup(row.image), fmt_type_icon('node', row.on_node) + fmt_type_icon('way', row.on_way) + |