scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-03-06 20:56:42 +08:00
Code Issues Projects Releases Packages Wiki Activity

Sanitize te user_names_with_roles [SCI-8007]

Browse source
This commit is contained in:
sboursen-scinote 2023-03-10 09:46:45 +01:00
parent 45f1b3c97d
commit e9bdd218fa
2 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
app/helpers/projects_helper.rb
View file

@ -14,7 +14,8 @@ module ProjectsHelper
end end
def user_names_with_roles(user_assignments) def user_names_with_roles(user_assignments)
user_assignments.map { |up| user_name_with_role(up) }.join('
') names_with_roles = user_assignments.map { |up| user_name_with_role(up) }.join('
')
sanitize_input(names_with_roles)
end end
def user_name_with_role(user_assignment) def user_name_with_role(user_assignment)

2
app/views/protocols/index/_users_list.html.erb
View file

@ -6,7 +6,7 @@
<% more_users = protocol.user_assignments[3..-1].to_a %> <% more_users = protocol.user_assignments[3..-1].to_a %>
<% if more_users.any? %> <% if more_users.any? %>
<span class="more-users" title="<%== user_names_with_roles(more_users) %>"> <span class="more-users" title="<%= user_names_with_roles(more_users) %>">
+<%= more_users.size %> +<%= more_users.size %>
</span> </span>
<% end %> <% end %>