<% if selected_section==Navigation::SECTION_HOME %>
<% ActiveDashboard.user_dashboards(current_user, true).each do |active_dashboard| %>
<li class="<%= 'active' if @dashboard && controller.controller_path=='dashboard' && active_dashboard.dashboard_id==@dashboard.id -%>">
- <a href="<%= ApplicationController.root_context -%>/dashboard/?did=<%= active_dashboard.dashboard_id -%>"><%= active_dashboard.dashboard.name(true) -%></a>
+ <a href="<%= ApplicationController.root_context -%>/dashboard/?did=<%= active_dashboard.dashboard_id -%>"><%= h active_dashboard.dashboard.name(true) -%></a>
</li>
<% end %>
selected=request.request_uri.include?("/plugins/home/#{page_url}")
%>
<li class="<%= 'active' if selected -%>">
- <a href="<%= ApplicationController.root_context -%><%= page_url -%>"><%= message(page.getId() + '.page', :default => page.getTitle()) -%></a></li>
+ <a href="<%= ApplicationController.root_context -%><%= page_url -%>"><%= h message(page.getId() + '.page', :default => page.getTitle()) -%></a></li>
<% end %>
<li class="spacer"></li>
<% elsif selected_section==Navigation::SECTION_RESOURCE %>
<% ActiveDashboard.user_dashboards(current_user, false).each do |active_dashboard| %>
<li class="<%= 'active' if @dashboard && controller.controller_path=='dashboard' && active_dashboard.dashboard_id==@dashboard.id -%>">
- <a href="<%= ApplicationController.root_context -%>/dashboard/index/<%= @project.id -%>?did=<%= active_dashboard.dashboard_id -%><%= "&"+period_param if period_param -%>"><%= active_dashboard.dashboard.name(true) -%></a>
+ <a href="<%= ApplicationController.root_context -%>/dashboard/index/<%= @project.id -%>?did=<%= active_dashboard.dashboard_id -%><%= "&"+period_param if period_param -%>"><%= h active_dashboard.dashboard.name(true) -%></a>
</li>
<% end %>
<li class="spacer"></li>
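Review bot: The `href` of the new `/dashboard/index/` link still writes `"&"+period_param` into a double-quoted attribute unescaped, since the commit escapes only the link text. `period_param` is defined outside the visible lines, so if it is built from request parameters, a quote character in it would close the attribute early. I would change it to `<%= h("&"+period_param) if period_param -%>`, which also emits the separator as `&amp;`. The `<%= page_url -%>` values in the other anchors of this template are interpolated from `page.getId()` in the same unescaped way and should take `h` too, though those ids appear to come from registered pages rather than from the request.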
page_url = (page.isController() ? "#{page.getId()}?id=#{@project.id}" : "/plugins/resource/#{@project.id}?page=#{page.getId()}")
%>
<li class="<%= 'active' if request.request_uri.include?(page_url) -%>">
- <a href="<%= ApplicationController.root_context -%><%= page_url -%>"><%= message(page.getId() + '.page', :default => page.getTitle()) %></a>
+ <a href="<%= ApplicationController.root_context -%><%= page_url -%>"><%= h message(page.getId() + '.page', :default => page.getTitle()) -%></a>
</li>
<% end %>
<li class="<%= 'active' if controller.controller_path=='cloud' -%>">
page_url = (page.isController() ? page.getId() : "/plugins/configuration/#{page.getId()}")
%>
<li class="<%= 'active' if request.request_uri.include?(page_url) -%>">
- <a href="<%= ApplicationController.root_context -%><%= page_url -%>"><%= message(page.getId() + '.page', :default => page.getTitle()) %></a>
+ <a href="<%= ApplicationController.root_context -%><%= page_url -%>"><%= h message(page.getId() + '.page', :default => page.getTitle()) %></a>
</li>
<% end %>
<li class="spacer"></li>
controller.java_facade.getPages(Navigation::SECTION_RESOURCE_CONFIGURATION, @project.scope, @project.qualifier, @project.language, nil).each do |page|
page_url = "#{page.getId()}?resource=#{@project.id}"
%>
- <li><a href="<%= ApplicationController.root_context -%><%= page_url -%>"><%= message(page.getId() + '.page', :default => page.getTitle()) -%></a></li>
+ <li><a href="<%= ApplicationController.root_context -%><%= page_url -%>"><%= h message(page.getId() + '.page', :default => page.getTitle()) -%></a></li>
<% end
end %>
</ul>