HTML escape.

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Sat, 30 Jul 2011 11:21:19 +0000 (11:21 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Sat, 30 Jul 2011 11:21:19 +0000 (11:21 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Sat, 30 Jul 2011 11:21:19 +0000 (11:21 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Sat, 30 Jul 2011 11:21:19 +0000 (11:21 +0000)
diff --git a/app/views/projects/show.rhtml b/app/views/projects/show.rhtml

index 7cc554c8462905daccb81b51de3c355970e791cb..0c35c1fa59fe69c018ed255a2aaacd729fcea881 100644 (file)
--- a/app/views/projects/show.rhtml
+++ b/app/views/projects/show.rhtml
@@ -18,7 +18,7 @@
    <% end %>
         <% @project.visible_custom_field_values.each do |custom_value| %>
         <% if !custom_value.value.blank? %>
-          <li><%= custom_value.custom_field.name%>: <%=h show_value(custom_value) %></li>
+          <li><%=h custom_value.custom_field.name %>: <%=h show_value(custom_value) %></li>
         <% end %>
         <% end %>
         </ul>   
@@ -28,7 +28,7 @@
      <h3><%=l(:label_issue_tracking)%></h3>
      <ul>
      <% for tracker in @trackers %>    
-      <li><%= link_to tracker.name, :controller => 'issues', :action => 'index', :project_id => @project, 
+      <li><%= link_to h(tracker.name), :controller => 'issues', :action => 'index', :project_id => @project, 
                                                  :set_filter => 1, 
                                                  "tracker_id" => tracker.id %>:
                                         <%= l(:label_x_open_issues_abbr_on_total, :count => @open_issues_by_tracker[tracker].to_i,
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sat, 30 Jul 2011 11:21:19 +0000 (11:21 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sat, 30 Jul 2011 11:21:19 +0000 (11:21 +0000)