From: Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Date: Tue, 2 Aug 2011 13:21:50 +0000 (+0000)
Subject: HTML escape at app/views/wiki/annotate.rhtml.
X-Git-Tag: 1.3.0~1548
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=abdf0fa21c1b9dd8d6025fc799208f3166f1c291;p=redmine.git

HTML escape at app/views/wiki/annotate.rhtml.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6395 e93f8b46-1217-0410-a6f0-8f06a7374b81
---

diff --git a/app/views/wiki/annotate.rhtml b/app/views/wiki/annotate.rhtml
index 863865a26..71691adca 100644
--- a/app/views/wiki/annotate.rhtml
+++ b/app/views/wiki/annotate.rhtml
@@ -8,8 +8,8 @@
 <h2><%=h @page.pretty_title %></h2>
 
 <p>
-<%= l(:label_version) %> <%= link_to @annotate.content.version, :action => 'show', :id => @page.title, :version => @annotate.content.version %>
-<em>(<%= @annotate.content.author ? @annotate.content.author.name : "anonyme" %>, <%= format_time(@annotate.content.updated_on) %>)</em>
+<%= l(:label_version) %> <%= link_to h(@annotate.content.version), :action => 'show', :id => @page.title, :version => @annotate.content.version %>
+<em>(<%= h(@annotate.content.author ? @annotate.content.author.name : "anonyme") %>, <%= format_time(@annotate.content.updated_on) %>)</em>
 </p>
 
 <% colors = Hash.new {|k,v| k[v] = (k.size % 12) } %>