Changelog.md +4 −0 # 0.7.7.1 Fixes a potential cross-site scripting issue with maliciously crafted OpenGraph metadata on the mobile interface. # 0.7.7.0 ## Refactor
Gemfile.lock +2 −2 @@ -472,7 +472,7 @@ GEM byebug (~> 10.0) pry (~> 0.10) public_suffix (3.0.3) rack (2.0.5) rack (2.0.6) rack-cors (1.0.2) rack-google-analytics (1.2.0) actionpack @@ -900,4 +900,4 @@ DEPENDENCIES will_paginate (= 3.1.6) BUNDLED WITH 1.16.5 1.17.1
app/helpers/open_graph_helper.rb +0 −10 # frozen_string_literal: true module OpenGraphHelper def og_html(cache) "<a href=\"#{cache.url}\" target=\"_blank\">" + " <div>" + " <img src=\"#{cache.image}\" />" + " <strong>#{cache.title}</strong>" + " <p>#{truncate(cache.description, length: 250, separator: ' ')}</p>" + " </div>" + "</a>" end def link_to_oembed_image(cache, prefix = 'thumbnail_') link_to(oembed_image_tag(cache, prefix), cache.url, :target => '_blank') end
app/views/status_messages/_status_message.mobile.haml +7 −1 @@ -20,4 +20,10 @@ != o_embed_html post.o_embed_cache - if post.open_graph_cache .opengraph != og_html post.open_graph_cache %a{href: post.open_graph_cache.url, target: "_blank"} %div = image_tag post.open_graph_cache.image %strong = post.open_graph_cache.title %p = truncate(post.open_graph_cache.description, length: 250, separator: " ")
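Review bot: The new `%a{href: post.open_graph_cache.url, target: "_blank"}` line relies on HAML attribute escaping, which stops markup injection but does not constrain the URL scheme. A non-HTTP(S) value in the OpenGraph metadata, such as a `javascript:` URL, would still render as a clickable link unless the cache model validates it, which is not visible in this hunk. The link also opens a third-party page with `target: "_blank"` and no `rel`, so the destination keeps a `window.opener` reference to this page. I would write the line as `%a{href: post.open_graph_cache.url, target: "_blank", rel: "noopener noreferrer"}` and confirm that `url` and `image` are limited to http/https before they are cached or rendered. The template starts outside the hunk, so any earlier sanitising of `post.open_graph_cache` cannot be ruled out from here.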
config/defaults.yml +1 −1 @@ -4,7 +4,7 @@ defaults: version: number: "0.7.7.0" # Do not touch unless doing a release, do not backport the version number that's in master number: "0.7.7.1" # Do not touch unless doing a release, do not backport the version number that's in master heroku: false environment: url: "http://localhost:3000/"