HTML escape.

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Sat, 30 Jul 2011 11:27:04 +0000 (11:27 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Sat, 30 Jul 2011 11:27:04 +0000 (11:27 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Sat, 30 Jul 2011 11:27:04 +0000 (11:27 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Sat, 30 Jul 2011 11:27:04 +0000 (11:27 +0000)
diff --git a/app/views/context_menus/time_entries.html.erb b/app/views/context_menus/time_entries.html.erb

index ed6ba4ee76ddf976ed7cb14312617f2113f6d58b..fc665487a7acb2145a0ee5396267584bb35dc5ea 100644 (file)
--- a/app/views/context_menus/time_entries.html.erb
+++ b/app/views/context_menus/time_entries.html.erb
@@ -14,7 +14,7 @@
                 <a href="#" class="submenu"><%= l(:field_activity) %></a>
                 <ul>
                 <% @activities.each do |u| -%>
-                   <li><%= context_menu_link u.name, {:controller => 'timelog', :action => 'bulk_edit', :ids => @time_entries.collect(&:id), :time_entry => {'activity_id' => u}, :back_url => @back}, :method => :post,
+                   <li><%= context_menu_link h(u.name), {:controller => 'timelog', :action => 'bulk_edit', :ids => @time_entries.collect(&:id), :time_entry => {'activity_id' => u}, :back_url => @back}, :method => :post,
                                               :selected => (@time_entry && u == @time_entry.activity), :disabled => !@can[:update] %></li>
                 <% end -%>
                     <li><%= context_menu_link l(:label_nobody), {:controller => 'timelog', :action => 'bulk_edit', :ids => @time_entries.collect(&:id), :time_entry => {'activity_id' => 'none'}, :back_url => @back}, :method => :post,
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sat, 30 Jul 2011 11:27:04 +0000 (11:27 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sat, 30 Jul 2011 11:27:04 +0000 (11:27 +0000)