Ensure that values of multi-value fields are HTML-escaped in issue list (#27186).

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Sun, 15 Oct 2017 11:08:46 +0000 (11:08 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Sun, 15 Oct 2017 11:08:46 +0000 (11:08 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Sun, 15 Oct 2017 11:08:46 +0000 (11:08 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Sun, 15 Oct 2017 11:08:46 +0000 (11:08 +0000)
diff --git a/app/helpers/queries_helper.rb b/app/helpers/queries_helper.rb

index acab44536c8f309740d93660501f65cafdc024db..a4c3c3e7b3f20816be4d3fca87220dc5b6984dac 100644 (file)
--- a/app/helpers/queries_helper.rb
+++ b/app/helpers/queries_helper.rb
@@ -201,7 +201,8 @@ module QueriesHelper
    def column_content(column, item)
      value = column.value_object(item)
      if value.is_a?(Array)
-      value.collect {|v| column_value(column, item, v)}.compact.join(', ').html_safe
+      values = value.collect {|v| column_value(column, item, v)}.compact
+      safe_join(values, ', ')
      else
        column_value(column, item, value)
      end
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sun, 15 Oct 2017 11:08:46 +0000 (11:08 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sun, 15 Oct 2017 11:08:46 +0000 (11:08 +0000)