Escape member name.

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Fri, 27 Mar 2009 18:27:06 +0000 (18:27 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Fri, 27 Mar 2009 18:27:06 +0000 (18:27 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Fri, 27 Mar 2009 18:27:06 +0000 (18:27 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Fri, 27 Mar 2009 18:27:06 +0000 (18:27 +0000)
diff --git a/app/views/projects/settings/_members.rhtml b/app/views/projects/settings/_members.rhtml

index 79ddeded5d72cb3f3c721571b8a0c396bc94a938..f70cef5a87b6ae7f6c8600d56d965530588ea01d 100644 (file)
--- a/app/views/projects/settings/_members.rhtml
+++ b/app/views/projects/settings/_members.rhtml
@@ -17,7 +17,7 @@
         <% members.each do |member| %>
         <% next if member.new_record? %>
         <tr id="member-<%= member.id %>" class="<%= cycle 'odd', 'even' %>">
-       <td><%= member.name %></td>
+       <td><%=h member.name %></td>
      <td align="center">
      <% if authorize_for('members', 'edit') %>
        <% remote_form_for(:member, member, :url => {:controller => 'members', :action => 'edit', :id => member}, :method => :post) do |f| %>
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Fri, 27 Mar 2009 18:27:06 +0000 (18:27 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Fri, 27 Mar 2009 18:27:06 +0000 (18:27 +0000)