lib/dashing/app.rb in smashing-1.3.4 vs lib/dashing/app.rb in smashing-1.3.5
- old
+ new
@@ -23,10 +23,14 @@
helpers do
def protected!
# override with auth logic
end
+ def h(text)
+ Rack::Utils.escape_html(text)
+ end
+
def authenticated?(token)
return true unless settings.auth_token
token && Rack::Utils.secure_compare(settings.auth_token, token)
end
end
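Review bot: The new `h` helper carries no comment saying when it has to be used, and the one-letter name gives a reader no hint. I would add a line such as `# HTML-escape request-derived text before placing it in a response body` above `def h(text)`. Only one call site appears in this diff; routes elsewhere in the file that echo `params` values are not visible here, so it is worth confirming they go through the helper as well.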
@@ -127,10 +131,10 @@
settings.template_languages.each do |language|
file = File.join(settings.root, "widgets", params[:widget], "#{params[:widget]}.#{language}")
return Tilt[language].new(file).render if File.exist?(file)
end
- "Drats! Unable to find a widget file named: #{params[:widget]} to render."
+ "Drats! Unable to find a widget file named: #{h(params[:widget])} to render."
end
Thin::Server.class_eval do
def stop_with_connection_closing
Sinatra::Application.settings.connections.dup.each_key(&:close)
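Review bot: `params[:widget]` is still joined into the template path on the `File.join` line and passed to `Tilt[language].new(file).render` with no check on its shape; this change escapes it only in the error string. Whether the route pattern already restricts the value is not visible in this hunk, so I would reject anything that is not a plain widget name before the loop, for example `halt 404 unless params[:widget].to_s.match?(/\A[\w-]+\z/)`, with the pattern adjusted to the widget names the project allows. The enclosing route block starts outside the hunk.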