HTML escape at app/views/wiki/export_multiple.rhtml.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6391 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/app/views/wiki/export_multiple.rhtml b/app/views/wiki/export_multiple.rhtml
index 31fa557c72268a1f518cae2c4cbed90c1cbf6d48..df8f7401232e7c688855db73420d4bbbcb039a24 100644 (file)
--- a/app/views/wiki/export_multiple.rhtml
+++ b/app/views/wiki/export_multiple.rhtml
@@ -20,13 +20,13 @@ h1:hover a.wiki-anchor, h2:hover a.wiki-anchor, h3:hover a.wiki-anchor { display
 <strong><%= l(:label_index_by_title) %></strong>
 <ul>
 <% @pages.each do |page| %>
-    <li><a href="#<%= page.title %>"><%= page.pretty_title %></a></li>
+    <li><a href="#<%= h(page.title) %>"><%= h(page.pretty_title) %></a></li>
 <% end %>
 </ul>
 
 <% @pages.each do |page| %>
 <hr />
-<a name="<%= page.title %>" />
+<a name="<%= h(page.title) %>" />
 <%= textilizable page.content ,:text, :wiki_links => :anchor %>
 <% end %>