HTML escape at app/views/common/_diff.rhtml.

author Toshi MARUYAMA <marutosijp2@yahoo.co.jp>

Tue, 2 Aug 2011 12:55:55 +0000 (12:55 +0000)

committer Toshi MARUYAMA <marutosijp2@yahoo.co.jp>

Tue, 2 Aug 2011 12:55:55 +0000 (12:55 +0000)
author Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Tue, 2 Aug 2011 12:55:55 +0000 (12:55 +0000)
committer Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Tue, 2 Aug 2011 12:55:55 +0000 (12:55 +0000)
diff --git a/app/views/common/_diff.rhtml b/app/views/common/_diff.rhtml

index 03b06a0cec522302fd0bb8e244c61c77e47812c7..9967a6810300819eb584e169d60f5e1b831857cc 100644 (file)
--- a/app/views/common/_diff.rhtml
+++ b/app/views/common/_diff.rhtml
@@ -5,7 +5,7 @@
  <% if diff.diff_type == 'sbs' -%>
  <table class="filecontent">
  <thead>
-<tr><th colspan="4" class="filename"><%=to_utf8 table_file.file_name %></th></tr>
+<tr><th colspan="4" class="filename"><%=h(to_utf8(table_file.file_name)) %></th></tr>
  </thead>
  <tbody>
  <% table_file.each_line do |spacing, line| -%>
@@ -31,7 +31,7 @@
  <% else -%>
  <table class="filecontent">
  <thead>
-<tr><th colspan="3" class="filename"><%=to_utf8 table_file.file_name %></th></tr>
+<tr><th colspan="3" class="filename"><%=h(to_utf8(table_file.file_name)) %></th></tr>
  </thead>
  <tbody>
  <% table_file.each_line do |spacing, line| %>
author	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
	Tue, 2 Aug 2011 12:55:55 +0000 (12:55 +0000)
committer	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
	Tue, 2 Aug 2011 12:55:55 +0000 (12:55 +0000)