From 50d27561e4c2f598c54164b38a84bac6ab720201 Mon Sep 17 00:00:00 2001
From: benji
Date: Mon, 21 Mar 2016 11:54:32 +0100
Subject: [PATCH] escape shit

---
 app/controllers/concerns/data_table.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/controllers/concerns/data_table.rb b/app/controllers/concerns/data_table.rb
index 3ce4dde..d662685 100644
--- a/app/controllers/concerns/data_table.rb
+++ b/app/controllers/concerns/data_table.rb
@@ -1,4 +1,6 @@
 class DataTable
+ include ActionView::Helpers::JavaScriptHelper
+ include ERB::Util
 def initialize user, params
 @user = user
 @params = sanitize_params(params)
@@ -11,7 +13,7 @@ class DataTable
 draw: @params[:draw],
 recordsTotal: @user.transactions.count,
 recordsFiltered: count,
- data: data
+ data: data.map { |d| (d["message"] = json_escape(d["message"])) && d }
 }
 end
 private
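Review bot: `ActionView::Helpers::JavaScriptHelper` is mixed into `DataTable` in the first hunk, but nothing in the visible new code calls it; the only helper used is `json_escape`, which comes from `ERB::Util`. Including view-helper modules in a non-view class adds a large set of unrelated instance methods, so I would drop that include and, if no other helper is needed, call the function explicitly as `ERB::Util.json_escape(...)` instead of including the module. The class body continues outside the hunk, so an existing use of `escape_javascript` elsewhere cannot be ruled out from here.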
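Review bot: `json_escape` on the new `data:` line is not an output encoder for a single field: it is intended for an already-serialized JSON document embedded in a `<script>` tag, rewrites only `&`, `<`, `>` and U+2028/U+2029, and leaves quotes alone. Applied to the raw `message` before the hash is serialized it will most likely surface as literal `\u003c` text in the table, and it should not be treated as the XSS control for this column. If the client inserts `message` as HTML, escape for that context, e.g. `data: data.map { |d| d.merge("message" => html_escape(d["message"])) }` (assuming the rows are plain hashes), or render the cell as text on the client side. `merge` also avoids mutating the rows in place through the `(assignment) && d` idiom. The method containing this hash starts outside the hunk, so the shape of `data` is inferred from the `d["message"]` access.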