HTML escape at app/views/projects/list_members.rhtml.

author Toshi MARUYAMA <marutosijp2@yahoo.co.jp>

Tue, 2 Aug 2011 13:10:59 +0000 (13:10 +0000)

committer Toshi MARUYAMA <marutosijp2@yahoo.co.jp>

Tue, 2 Aug 2011 13:10:59 +0000 (13:10 +0000)
author Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Tue, 2 Aug 2011 13:10:59 +0000 (13:10 +0000)
committer Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Tue, 2 Aug 2011 13:10:59 +0000 (13:10 +0000)
diff --git a/app/views/projects/list_members.rhtml b/app/views/projects/list_members.rhtml

index 7f2ae37957556fb322b5c25308848e1a347ec925..04de16044ac01e921afd4c51e95ed05fbe63d2fc 100644 (file)
--- a/app/views/projects/list_members.rhtml
+++ b/app/views/projects/list_members.rhtml
@@ -4,7 +4,7 @@
  
  <% members = @members.group_by {|m| m.role } %>
  <% members.keys.sort{|x,y| x.position <=> y.position}.each do |role| %>
-<h3><%= role.name %></h3>
+<h3><%= h(role.name) %></h3>
  <ul>
  <% members[role].each do |m| %>
  <li><%= link_to_user m.user %> (<%= format_date m.created_on %>)</li>
author	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
	Tue, 2 Aug 2011 13:10:59 +0000 (13:10 +0000)
committer	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
	Tue, 2 Aug 2011 13:10:59 +0000 (13:10 +0000)