HTML escape at app/views/attachments/_links.rhtml.

author Toshi MARUYAMA <marutosijp2@yahoo.co.jp>

Tue, 2 Aug 2011 12:54:18 +0000 (12:54 +0000)

committer Toshi MARUYAMA <marutosijp2@yahoo.co.jp>

Tue, 2 Aug 2011 12:54:18 +0000 (12:54 +0000)
author Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Tue, 2 Aug 2011 12:54:18 +0000 (12:54 +0000)
committer Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Tue, 2 Aug 2011 12:54:18 +0000 (12:54 +0000)
diff --git a/app/views/attachments/_links.rhtml b/app/views/attachments/_links.rhtml

index 19ab6734a11380598384b3c42464c4b6de8f51af..4f4e2d180de9a937e7dbc923f1b19abd324a5ffe 100644 (file)
--- a/app/views/attachments/_links.rhtml
+++ b/app/views/attachments/_links.rhtml
@@ -11,7 +11,7 @@
                                           :title => l(:button_delete) %>
    <% end %>
    <% if options[:author] %>
-    <span class="author"><%= attachment.author %>, <%= format_time(attachment.created_on) %></span>
+    <span class="author"><%= h(attachment.author) %>, <%= format_time(attachment.created_on) %></span>
    <% end %>
    </p>
  <% end %>
author	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
	Tue, 2 Aug 2011 12:54:18 +0000 (12:54 +0000)
committer	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
	Tue, 2 Aug 2011 12:54:18 +0000 (12:54 +0000)