From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Thu, 14 Feb 2008 21:17:28 +0000 (+0000)
Subject: Escape titles in activity view.
X-Git-Tag: 0.7.0-RC1~142
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=71d089c83329a0dcaad650f3a97b8d5262db1dd8;p=redmine.git

Escape titles in activity view.

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1145 e93f8b46-1217-0410-a6f0-8f06a7374b81
---

diff --git a/app/views/projects/activity.rhtml b/app/views/projects/activity.rhtml
index bde806554..12139c2e7 100644
--- a/app/views/projects/activity.rhtml
+++ b/app/views/projects/activity.rhtml
@@ -6,7 +6,7 @@
 <dl>
 <% @events_by_day[day].sort {|x,y| y.event_datetime <=> x.event_datetime }.each do |e| -%>
   <dt class="<%= e.class.name.downcase %>"><span class="time"><%= format_time(e.event_datetime, false) %></span>
-  <%= link_to truncate(e.event_title, 100), e.event_url %></dt>
+  <%= link_to h(truncate(e.event_title, 100)), e.event_url %></dt>
   <dd><% unless e.event_description.blank? -%>
   <span class="description"><%= format_activity_description(e.event_description) %></span><br />
   <% end %>