HTML escape at app/views/search/index.rhtml.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6348 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/app/views/search/index.rhtml b/app/views/search/index.rhtml
index 606565c904011da64773c3699569b58828ab59dd..08acb2857f89932cc182ed9aea2547b7a9300dc7 100644 (file)
--- a/app/views/search/index.rhtml
+++ b/app/views/search/index.rhtml
@@ -28,8 +28,8 @@
     <h3><%= l(:label_result_plural) %> (<%= @results_by_type.values.sum %>)</h3>
     <dl id="search-results">
       <% @results.each do |e| %>
-        <dt class="<%= e.event_type %>"><%= content_tag('span', h(e.project), :class => 'project') unless @project == e.project %> <%= link_to highlight_tokens(truncate(e.event_title, :length => 255), @tokens), e.event_url %></dt>
-        <dd><span class="description"><%= highlight_tokens(e.event_description, @tokens) %></span>
+        <dt class="<%= e.event_type %>"><%= content_tag('span', h(e.project), :class => 'project') unless @project == e.project %> <%= link_to highlight_tokens(truncate(h(e.event_title), :length => 255), @tokens), e.event_url %></dt>
+        <dd><span class="description"><%= highlight_tokens(h(e.event_description), @tokens) %></span>
         <span class="author"><%= format_time(e.event_datetime) %></span></dd>
       <% end %>
     </dl>