HTML escape at app/views/queries/index.rhtml.

author Toshi MARUYAMA <marutosijp2@yahoo.co.jp>

Tue, 2 Aug 2011 13:11:38 +0000 (13:11 +0000)

committer Toshi MARUYAMA <marutosijp2@yahoo.co.jp>

Tue, 2 Aug 2011 13:11:38 +0000 (13:11 +0000)
author Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Tue, 2 Aug 2011 13:11:38 +0000 (13:11 +0000)
committer Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Tue, 2 Aug 2011 13:11:38 +0000 (13:11 +0000)
diff --git a/app/views/queries/index.rhtml b/app/views/queries/index.rhtml

index 1c608b8acd571fd31d365279165d78a35a95c4f2..aa2a94a8456e439ccbd89f7a9bb31b19182cac20 100644 (file)
--- a/app/views/queries/index.rhtml
+++ b/app/views/queries/index.rhtml
@@ -11,7 +11,7 @@
    <% @queries.each do |query| %>
      <tr class="<%= cycle('odd', 'even') %>">
        <td>
-        <%= link_to query.name, :controller => 'issues', :action => 'index', :project_id => @project, :query_id => query %>
+        <%= link_to h(query.name), :controller => 'issues', :action => 'index', :project_id => @project, :query_id => query %>
        </td>
        <td align="right">
          <small>
author	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
	Tue, 2 Aug 2011 13:11:38 +0000 (13:11 +0000)
committer	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
	Tue, 2 Aug 2011 13:11:38 +0000 (13:11 +0000)