From bb60b3844412567990e99e4230aa040450cb72e1 Mon Sep 17 00:00:00 2001
From: mayra lucia navarro
Date: Tue, 24 Oct 2023 21:39:38 -0500
Subject: [PATCH] Sanitize params
---
 app/views/site/past_meetup.erb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/views/site/past_meetup.erb b/app/views/site/past_meetup.erb
index 02a8bc08..b7751c5b 100644
--- a/app/views/site/past_meetup.erb
+++ b/app/views/site/past_meetup.erb
@@ -1,7 +1,7 @@
 <%= javascript_pack_tag 'past_meetup' %>
 <%= stylesheet_pack_tag "past_meetup" %>
 <%= javascript_tag do %>
- var year = <%= raw(params[:year]) %>
- var month = <%= raw(params[:month]) %>
- var day = <%= raw(params[:day]) %>
-<% end %>
+ var year = <%= raw(h(params[:year])) %>;
+ var month = <%= raw(h(params[:month])) %>;
+ var day = <%= raw(h(params[:day])) %>;
+<% end %>
\ No newline at end of file
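Review bot: `raw(h(params[:year]))` on the three `var` lines applies HTML escaping to a value that is written unquoted into a script block, so the request parameter is still interpreted as a JavaScript expression; `h` only rewrites `&`, `<`, `>` and quote characters, and wrapping it in `raw` gives the same output as the default `<%= ... %>` escaping. Since year, month and day are presumably numeric, coerce them instead: `var year = <%= params[:year].to_i %>;` (likewise for `month` and `day`), or parse and validate them as integers in the controller and pass the parsed values to the view. Coercion also avoids the `var year = ;` syntax error that the new code still emits when a parameter is absent.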