HTML escape at app/views/issues/_attributes.rhtml.

author Toshi MARUYAMA <marutosijp2@yahoo.co.jp>

Tue, 2 Aug 2011 13:03:06 +0000 (13:03 +0000)

committer Toshi MARUYAMA <marutosijp2@yahoo.co.jp>

Tue, 2 Aug 2011 13:03:06 +0000 (13:03 +0000)
author Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Tue, 2 Aug 2011 13:03:06 +0000 (13:03 +0000)
committer Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Tue, 2 Aug 2011 13:03:06 +0000 (13:03 +0000)
diff --git a/app/views/issues/_attributes.rhtml b/app/views/issues/_attributes.rhtml

index e2d04ee517bbc82f9f1cd6ad949ec9440014aab2..ba42b919ba638696810869c0f0cd97c0c96a7b43 100644 (file)
--- a/app/views/issues/_attributes.rhtml
+++ b/app/views/issues/_attributes.rhtml
@@ -4,7 +4,7 @@
  <% if @issue.new_record? || @allowed_statuses.any? %>
  <p><%= f.select :status_id, (@allowed_statuses.collect {|p| [p.name, p.id]}), :required => true %></p>
  <% else %>
-<p><label><%= l(:field_status) %></label> <%= @issue.status.name %></p>
+<p><label><%= l(:field_status) %></label> <%= h(@issue.status.name) %></p>
  <% end %>
  
  <p><%= f.select :priority_id, (@priorities.collect {|p| [p.name, p.id]}), {:required => true}, :disabled => !@issue.leaf? %></p>
author	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
	Tue, 2 Aug 2011 13:03:06 +0000 (13:03 +0000)
committer	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
	Tue, 2 Aug 2011 13:03:06 +0000 (13:03 +0000)