HTML escape at app/views/issues/_list_simple.rhtml.

author Toshi MARUYAMA <marutosijp2@yahoo.co.jp>

Tue, 2 Aug 2011 13:03:51 +0000 (13:03 +0000)

committer Toshi MARUYAMA <marutosijp2@yahoo.co.jp>

Tue, 2 Aug 2011 13:03:51 +0000 (13:03 +0000)
author Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Tue, 2 Aug 2011 13:03:51 +0000 (13:03 +0000)
committer Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Tue, 2 Aug 2011 13:03:51 +0000 (13:03 +0000)
diff --git a/app/views/issues/_list_simple.rhtml b/app/views/issues/_list_simple.rhtml

index dd7f48946a2f31e2fc2b0728bf46b121b90209f6..1fcb07aeec8f943a22f3426de64cf1c183ed935b 100644 (file)
--- a/app/views/issues/_list_simple.rhtml
+++ b/app/views/issues/_list_simple.rhtml
@@ -9,10 +9,10 @@
                 </tr></thead>
                 <tbody> 
                 <% for issue in issues %>
-               <tr id="issue-<%= issue.id %>" class="hascontextmenu <%= cycle('odd', 'even') %> <%= issue.css_classes %>">
+               <tr id="issue-<%= h(issue.id) %>" class="hascontextmenu <%= cycle('odd', 'even') %> <%= issue.css_classes %>">
                         <td class="id">
                           <%= check_box_tag("ids[]", issue.id, false, :style => 'display:none;') %>
-                               <%= link_to issue.id, :controller => 'issues', :action => 'show', :id => issue %>
+                               <%= link_to(h(issue.id), :controller => 'issues', :action => 'show', :id => issue) %>
                         </td>
                         <td class="project"><%= link_to_project(issue.project) %></td>
                         <td class="tracker"><%=h issue.tracker %></td>
author	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
	Tue, 2 Aug 2011 13:03:51 +0000 (13:03 +0000)
committer	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
	Tue, 2 Aug 2011 13:03:51 +0000 (13:03 +0000)