Escape titles in activity view.

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Thu, 14 Feb 2008 21:17:28 +0000 (21:17 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Thu, 14 Feb 2008 21:17:28 +0000 (21:17 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Thu, 14 Feb 2008 21:17:28 +0000 (21:17 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Thu, 14 Feb 2008 21:17:28 +0000 (21:17 +0000)
diff --git a/app/views/projects/activity.rhtml b/app/views/projects/activity.rhtml

index bde8065543b101792c91c5983ef9bda5a69494a3..12139c2e73e75761ef0ac24612681898c3c50f01 100644 (file)
--- a/app/views/projects/activity.rhtml
+++ b/app/views/projects/activity.rhtml
@@ -6,7 +6,7 @@
  <dl>
  <% @events_by_day[day].sort {|x,y| y.event_datetime <=> x.event_datetime }.each do |e| -%>
    <dt class="<%= e.class.name.downcase %>"><span class="time"><%= format_time(e.event_datetime, false) %></span>
-  <%= link_to truncate(e.event_title, 100), e.event_url %></dt>
+  <%= link_to h(truncate(e.event_title, 100)), e.event_url %></dt>
    <dd><% unless e.event_description.blank? -%>
    <span class="description"><%= format_activity_description(e.event_description) %></span><br />
    <% end %>
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Thu, 14 Feb 2008 21:17:28 +0000 (21:17 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Thu, 14 Feb 2008 21:17:28 +0000 (21:17 +0000)