richard-jfc
commented
1 month ago Looks like this is the line that needs to be escaped: https://github.com/dblock/slack-strava/blob/8c58921d782a1afdc8020e134295e5d575890b3b/public/subscribe.html.erb#L30
Closed richard-jfc closed 1 month ago
richard-jfc
commented
1 month ago Looks like this is the line that needs to be escaped: https://github.com/dblock/slack-strava/blob/8c58921d782a1afdc8020e134295e5d575890b3b/public/subscribe.html.erb#L30
dblock
commented
1 month ago Ouch, Rookie mistake on my part, need to do a more generic version of https://github.com/dblock/slack-sup/blob/8f1024bed728291f33adf9e3cc56d1bbd96a1eb0/public/subscribe.html.erb#L31. I'll take a look unless you want to contribute?
dblock
commented
1 month ago It got pretty involved, fixed in https://github.com/dblock/slack-strava/commit/3a70e5f70b778a79b79a1406ee629e379b07094e. Thanks for reporting this.
dblock
commented
1 month ago
When visiting the subscribe page it fails to load correctly if the team name contains an
'.Proposed Solution: The team name should be escaped.
I've worked around the issue by inspecting the page and manually escaping the team name.