lib/dashing/app.rb in smashing-1.3.4 vs lib/dashing/app.rb in smashing-1.3.5

- old
+ new

@@ -23,10 +23,14 @@ helpers do def protected! # override with auth logic end + def h(text) + Rack::Utils.escape_html(text) + end + def authenticated?(token) return true unless settings.auth_token token && Rack::Utils.secure_compare(settings.auth_token, token) end end
@@ -127,10 +131,10 @@ settings.template_languages.each do |language| file = File.join(settings.root, "widgets", params[:widget], "#{params[:widget]}.#{language}") return Tilt[language].new(file).render if File.exist?(file) end - "Drats! Unable to find a widget file named: #{params[:widget]} to render." + "Drats! Unable to find a widget file named: #{h(params[:widget])} to render." end Thin::Server.class_eval do def stop_with_connection_closing Sinatra::Application.settings.connections.dup.each_key(&:close)
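Review bot: The new `h` helper in the `helpers do` block carries no comment saying which output context it is safe for. `Rack::Utils.escape_html` is meant for HTML text and quoted attribute values, so a later caller who uses `h` for a value placed inside inline script or a URL would get a false sense of safety. I would add `# HTML-escapes request-derived text for an HTML body or quoted attribute; not sufficient for script or URL contexts.` directly above `def h(text)`.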
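Review bot: `params[:widget]` is now escaped in the fallback message, but the same request value still goes unvalidated into `File.join(settings.root, "widgets", params[:widget], ...)` in the loop just above, so the template path handed to `Tilt` is built from client input. Whether the route pattern already restricts its characters is not visible here, since the enclosing route block starts outside the hunk. If it does not, I would reject anything that is not a plain widget name before the loop, for example `halt 404 unless params[:widget].to_s.match?(/\A[\w-]+\z/)`. The fallback string also appears to be returned with the default status, so `halt 404, "..."` would let clients and logs tell a missing widget from a rendered one.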