From 3ce1be14f7db2fcf6a2654a3ed5fe5c118119ec4 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Fri, 19 Dec 2008 08:10:35 +0000
Subject: [PATCH] Escape textarea content when editing a issue note.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2143 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/views/journals/_notes_form.rhtml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/views/journals/_notes_form.rhtml b/app/views/journals/_notes_form.rhtml
index 94c710ebd..6e6ad0f88 100644
--- a/app/views/journals/_notes_form.rhtml
+++ b/app/views/journals/_notes_form.rhtml
@@ -1,6 +1,6 @@
 <% form_remote_tag(:url => {}, :html => { :id => "journal-#{@journal.id}-form" }) do %>
- <%= text_area_tag :notes, @journal.notes, :class => 'wiki-edit',
- :rows => (@journal.notes.blank? ? 10 : [[10, @journal.notes.length / 50].max, 100].min) %>
+ <%= text_area_tag :notes, h(@journal.notes), :class => 'wiki-edit',
+ :rows => (@journal.notes.blank? ? 10 : [[10, @journal.notes.length / 50].max, 100].min) %>
 <%= call_hook(:view_journals_notes_form_after_notes, { :journal => @journal}) %>

<%= submit_tag l(:button_save) %> <%= link_to l(:button_cancel), '#', :onclick => "Element.remove('journal-#{@journal.id}-form'); " + -- 2.39.5
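Review bot: The added `h(@journal.notes)` on the `text_area_tag` line carries no comment explaining why the escape sits at the call site, which makes it easy to drop as redundant later. I would add above it `<%# text_area_tag emits its content as-is here, so stored note text must be escaped or a literal </textarea> in a note ends the field and the rest is parsed as markup %>`. This presumes the helper does not escape content itself in the Rails version in use, which the hunk does not show; if a later version does, the `h()` would double-escape and entities would appear in the editor, so the comment should say to revisit it on upgrade. No test accompanies the change, and other views that pass user text to `text_area_tag` fall outside this patch and are worth the same check. The `form_remote_tag` block continues past the end of the hunk.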