-<h1><%= link_to "#{issue.tracker.name} ##{issue.id}: #{issue.subject}", issue_url %></h1>
+<h1><%= link_to(h("#{issue.tracker.name} ##{issue.id}: #{issue.subject}"), issue_url) %></h1>
<ul>
-<li><%=l(:field_author)%>: <%= issue.author %></li>
-<li><%=l(:field_status)%>: <%= issue.status %></li>
-<li><%=l(:field_priority)%>: <%= issue.priority %></li>
-<li><%=l(:field_assigned_to)%>: <%= issue.assigned_to %></li>
-<li><%=l(:field_category)%>: <%= issue.category %></li>
-<li><%=l(:field_fixed_version)%>: <%= issue.fixed_version %></li>
+<li><%=l(:field_author)%>: <%=h issue.author %></li>
+<li><%=l(:field_status)%>: <%=h issue.status %></li>
+<li><%=l(:field_priority)%>: <%=h issue.priority %></li>
+<li><%=l(:field_assigned_to)%>: <%=h issue.assigned_to %></li>
+<li><%=l(:field_category)%>: <%=h issue.category %></li>
+<li><%=l(:field_fixed_version)%>: <%=h issue.fixed_version %></li>
<% issue.custom_values.each do |c| %>
- <li><%= c.custom_field.name %>: <%= show_value(c) %></li>
+ <li><%=h c.custom_field.name %>: <%=h show_value(c) %></li>
<% end %>
</ul>
-<p><%= l(:mail_body_account_activation_request, @user.login) %></p>
+<p><%= l(:mail_body_account_activation_request, h(@user.login)) %></p>
<p><%= link_to @url, @url %></p>
<% if @user.auth_source %>
-<p><%= l(:mail_body_account_information_external, @user.auth_source.name) %></p>
+<p><%= l(:mail_body_account_information_external, h(@user.auth_source.name)) %></p>
<% else %>
<p><%= l(:mail_body_account_information) %>:</p>
<ul>
- <li><%= l(:field_login) %>: <%= @user.login %></li>
- <li><%= l(:field_password) %>: <%= @password %></li>
+ <li><%= l(:field_login) %>: <%=h @user.login %></li>
+ <li><%= l(:field_password) %>: <%=h @password %></li>
</ul>
<% end %>
<%= link_to @added_to, @added_to_url %><br />
<ul><% @attachments.each do |attachment | %>
-<li><%= attachment.filename %></li>
+<li><%=h attachment.filename %></li>
<% end %></ul>
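Review bot: `@added_to` on the first line of this template is still emitted unescaped through `link_to`, while `attachment.filename` two lines below now gets `h`. If the mailer builds `@added_to` from a container's name or title (not visible here, but that is what the variable name suggests), it carries the same kind of user-controlled text this commit escapes elsewhere, so the HTML email would still render raw markup from it. Changing the line to `<%= link_to(h(@added_to), @added_to_url) %><br />` would make this template consistent with the other `link_to` calls the commit wraps in `h(...)` (issue, document, message and news templates).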
-<%= link_to @document.title, @document_url %> (<%= @document.category.name %>)<br />
+<%= link_to(h(@document.title), @document_url) %> (<%=h @document.category.name %>)<br />
<br />
<%= textilizable(@document, :description, :only_path => false) %>
-<%= l(:text_issue_added, :id => "##{@issue.id}", :author => @issue.author) %>
+<%= l(:text_issue_added, :id => "##{@issue.id}", :author => h(@issue.author)) %>
<hr />
<%= render :partial => "issue_text_html", :locals => { :issue => @issue, :issue_url => @issue_url } %>
-<%= l(:text_issue_updated, :id => "##{@issue.id}", :author => @journal.user) %>
+<%= l(:text_issue_updated, :id => "##{@issue.id}", :author => h(@journal.user)) %>
<ul>
<% for detail in @journal.details %>
<p><%= l(:mail_body_lost_password) %><br />
<%= auto_link(@url) %></p>
-<p><%= l(:field_login) %>: <b><%= @token.user.login %></b></p>
+<p><%= l(:field_login) %>: <b><%=h @token.user.login %></b></p>
-<h1><%=h @message.board.project.name %> - <%=h @message.board.name %>: <%= link_to @message.subject, @message_url %></h1>
-<em><%= @message.author %></em>
+<h1><%=h @message.board.project.name %> - <%=h @message.board.name %>: <%= link_to(h(@message.subject), @message_url) %></h1>
+<em><%=h @message.author %></em>
<%= textilizable(@message, :content, :only_path => false) %>
-<h1><%= link_to @news.title, @news_url %></h1>
-<em><%= @news.author.name %></em>
+<h1><%= link_to(h(@news.title), @news_url) %></h1>
+<em><%=h @news.author.name %></em>
<%= textilizable(@news, :description, :only_path => false) %>