SONAR-3406 Missing HTML escape in 'Edit rule' page in Quality profiles for rule param...

author Simon Brandhof <simon.brandhof@gmail.com>

Thu, 26 Apr 2012 20:20:59 +0000 (22:20 +0200)

committer Simon Brandhof <simon.brandhof@gmail.com>

Thu, 26 Apr 2012 20:21:14 +0000 (22:21 +0200)
author Simon Brandhof <simon.brandhof@gmail.com>
Thu, 26 Apr 2012 20:20:59 +0000 (22:20 +0200)
committer Simon Brandhof <simon.brandhof@gmail.com>
Thu, 26 Apr 2012 20:21:14 +0000 (22:21 +0200)
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/rules_configuration/edit.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/rules_configuration/edit.html.erb

index b80e056577456d20f06cec783d95e9bc750a830d..63990f20cd006bb22bd6b925df5a10c9d89de566 100644 (file)
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/rules_configuration/edit.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/rules_configuration/edit.html.erb
@@ -44,7 +44,7 @@
        <td width="1%" nowrap><%= parameter.name %>:</td>
        <td class="sep"> </td>
        <td>
-        <input type="text" name="rule_param[<%= parameter.name -%>]" value="<%= parameter.default_value -%>"></input>
+        <input type="text" name="rule_param[<%= u parameter.name -%>]" value="<%= h parameter.default_value -%>"></input>
          <span class="small"><%= parameter.description %></span>
        </td>
      </tr>
author	Simon Brandhof <simon.brandhof@gmail.com>
	Thu, 26 Apr 2012 20:20:59 +0000 (22:20 +0200)
committer	Simon Brandhof <simon.brandhof@gmail.com>
	Thu, 26 Apr 2012 20:21:14 +0000 (22:21 +0200)