link_to_issue(issue) + "<br /><br />" +
"<strong>#{@cached_label_project}</strong>: #{link_to_project(issue.project)}<br />" +
- "<strong>#{@cached_label_status}</strong>: #{issue.status.name}<br />" +
+ "<strong>#{@cached_label_status}</strong>: #{h(issue.status.name)}<br />" +
"<strong>#{@cached_label_start_date}</strong>: #{format_date(issue.start_date)}<br />" +
"<strong>#{@cached_label_due_date}</strong>: #{format_date(issue.due_date)}<br />" +
- "<strong>#{@cached_label_assigned_to}</strong>: #{issue.assigned_to}<br />" +
- "<strong>#{@cached_label_priority}</strong>: #{issue.priority.name}"
+ "<strong>#{@cached_label_assigned_to}</strong>: #{h(issue.assigned_to)}<br />" +
+ "<strong>#{@cached_label_priority}</strong>: #{h(issue.priority.name)}"
end
def issue_heading(issue)
# links to #index on issues/show
url_params = controller_name == 'issues' ? {:controller => 'issues', :action => 'index', :project_id => @project} : params
- content_tag('h3', title) +
+ content_tag('h3', h(title)) +
queries.collect {|query|
link_to(h(query.name), url_params.merge(:query_id => query))
}.join('<br />')
projects / redmine.git / commitdiff