From 6084cb969d1f036ea0401184a3e0115f46fd0914 Mon Sep 17 00:00:00 2001 From: Jaime Iniesta Date: Mon, 21 Apr 2014 00:46:00 +0200 Subject: [PATCH 1/2] escape gravatar URLs to comply with W3C standards This fixes an HTML validation error due to & not being properly escaped on the gravatar URLs. --- app/models/user.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/user.rb b/app/models/user.rb index 80d3c3bdf55..e957150db5b 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -332,7 +332,7 @@ class User < ActiveRecord::Base def self.gravatar_template(email) email_hash = self.email_hash(email) - "//www.gravatar.com/avatar/#{email_hash}.png?s={size}&r=pg&d=identicon" + "//www.gravatar.com/avatar/#{email_hash}.png?s={size}&r=pg&d=identicon" end # Don't pass this up to the client - it's meant for server side use From 2c3a10aa5b628e6b29f38744efc82f9d7857d3e3 Mon Sep 17 00:00:00 2001 From: Jaime Iniesta Date: Mon, 21 Apr 2014 10:52:58 +0200 Subject: [PATCH 2/2] fixes user specs about ampersands in gravatar URLs --- spec/models/user_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index fcd8e635f88..981b798b833 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -969,7 +969,7 @@ describe User do describe "#gravatar_template" do it "returns a gravatar based template" do - User.gravatar_template("em@il.com").should == "//www.gravatar.com/avatar/6dc2fde946483a1d8a84b89345a1b638.png?s={size}&r=pg&d=identicon" + User.gravatar_template("em@il.com").should == "//www.gravatar.com/avatar/6dc2fde946483a1d8a84b89345a1b638.png?s={size}&r=pg&d=identicon" end end