• Robert Speicher's avatar
    Unmark the commit author/committer link as HTML-safe · bbe836b2
    Robert Speicher authored
    We now make use of the `content_tag` helper so that the untrusted input
    is escaped and the trusted output is then automatically safe. When we
    don't need to wrap the name in a `span` tag (when `avatar` is falsey),
    it's treated as unsafe by default, so no further sanitization/escaping
    is necessary.
    bbe836b2
commits_helper_spec.rb 2.25 KB