HTML escape at app/views/wiki/annotate.rhtml.

author Toshi MARUYAMA <marutosijp2@yahoo.co.jp>

Tue, 2 Aug 2011 13:21:50 +0000 (13:21 +0000)

committer Toshi MARUYAMA <marutosijp2@yahoo.co.jp>

Tue, 2 Aug 2011 13:21:50 +0000 (13:21 +0000)
author Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Tue, 2 Aug 2011 13:21:50 +0000 (13:21 +0000)
committer Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Tue, 2 Aug 2011 13:21:50 +0000 (13:21 +0000)
diff --git a/app/views/wiki/annotate.rhtml b/app/views/wiki/annotate.rhtml

index 863865a26f38cd2a8d129991c0dda2a94c0bdf73..71691adca097ae9390d7c377cf2368b954004706 100644 (file)
--- a/app/views/wiki/annotate.rhtml
+++ b/app/views/wiki/annotate.rhtml
@@ -8,8 +8,8 @@
  <h2><%=h @page.pretty_title %></h2>
  
  <p>
-<%= l(:label_version) %> <%= link_to @annotate.content.version, :action => 'show', :id => @page.title, :version => @annotate.content.version %>
-<em>(<%= @annotate.content.author ? @annotate.content.author.name : "anonyme" %>, <%= format_time(@annotate.content.updated_on) %>)</em>
+<%= l(:label_version) %> <%= link_to h(@annotate.content.version), :action => 'show', :id => @page.title, :version => @annotate.content.version %>
+<em>(<%= h(@annotate.content.author ? @annotate.content.author.name : "anonyme") %>, <%= format_time(@annotate.content.updated_on) %>)</em>
  </p>
  
  <% colors = Hash.new {|k,v| k[v] = (k.size % 12) } %>
author	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
	Tue, 2 Aug 2011 13:21:50 +0000 (13:21 +0000)
committer	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
	Tue, 2 Aug 2011 13:21:50 +0000 (13:21 +0000)