escape shit

2016-03-21 11:54:32 +01:00 · 2016-03-21 11:54:32 +01:00 · 50d27561e4
parent 5a8aed99ec
commit 50d27561e4
1 changed files with 3 additions and 1 deletions
--- a/app/controllers/concerns/data_table.rb
+++ b/app/controllers/concerns/data_table.rb
@ -1,4 +1,6 @@
 class DataTable
+  include ActionView::Helpers::JavaScriptHelper
+  include ERB::Util
  def initialize user, params
    @user = user
    @params = sanitize_params(params)
@ -11,7 +13,7 @@ class DataTable
      draw: @params[:draw],
      recordsTotal: @user.transactions.count,
      recordsFiltered: count,
-      data: data
+      data: data.map { |d| (d["message"] = json_escape(d["message"])) && d }
    }
  end
  private