From 84117d4827db45811e0813589e68bfffc63aae3f Mon Sep 17 00:00:00 2001
From: fabiogm
Date: Thu, 16 Jan 2014 18:38:21 -0200
Subject: [PATCH] Fixing XSS issue in password reset notifications as reported in card #1934
---
app/views/home/_notifications.html.erb | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/app/views/home/_notifications.html.erb b/app/views/home/_notifications.html.erb
index f5c3004f6..aaaf4f7f9 100644
--- a/app/views/home/_notifications.html.erb
+++ b/app/views/home/_notifications.html.erb
@@ -6,7 +6,8 @@ <% notification_for_user = User.find_by_user_name notification.user_name %>
  • <% if notification_for_user.nil? %>
- <%= "#{notification.user_name} at #{notification.created_at.strftime('%Y/%m/%d')}. This username does not currently exist in the system. #{link_to("[hide]", hide_password_recovery_request_path(notification), :method => :delete) }".html_safe %>
+ <%= "#{notification.user_name}" %>
+ <%= " at #{notification.created_at.strftime('%Y/%m/%d')}. This username does not currently exist in the system. #{link_to("[hide]", hide_password_recovery_request_path(notification), :method => :delete) }".html_safe %>
 <% else %>
 <%= "#{link_to notification.user_name, user_path(notification_for_user)} at #{notification.created_at.strftime('%Y/%m/%d')}. #{link_to("hide", hide_password_recovery_request_path(notification), :method => :delete)}".html_safe %>
 <% end %>
@@ -14,4 +15,4 @@ <% end %>
 <% end %>
-<% end %>
\ No newline at end of file
+<% end %>
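Review bot: The added `<%= "#{notification.user_name}" %>` line correctly hands the request-supplied username to ERB auto-escaping, but the interpolation into a fresh string is redundant, and the second added line keeps the fragile pattern of calling `.html_safe` on an interpolated string right beside it, so any later edit that moves a user-controlled value back into that string silently reintroduces the XSS. Consider dropping `.html_safe` from this branch altogether and letting the helpers escape: `<%= notification.user_name %> at <%= notification.created_at.strftime('%Y/%m/%d') %>. This username does not currently exist in the system. <%= link_to("[hide]", hide_password_recovery_request_path(notification), :method => :delete) %>`. The `else` branch's `"#{link_to ...}".html_safe` stays safe only because `link_to` escapes its text argument; a comment above the `if` such as `<%# user_name is request-supplied: never place it inside a string marked .html_safe %>` would record why the two branches are written differently. The loop that presumably binds `notification` begins before this hunk, so the surrounding structure is not visible here.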