From 45db7a778062fb69f8f6f7bc3c40b7a0b7cff7f5 Mon Sep 17 00:00:00 2001
From: Simon Brandhof <simon.brandhof@gmail.com>
Date: Fri, 6 Sep 2013 10:37:43 +0200
Subject: [PATCH] SSF-19

---
 .../webapp/WEB-INF/app/views/layouts/_layout.html.erb  | 10 +++++-----
 .../app/views/layouts/_menu_resource_settings.html.erb |  2 +-
 .../WEB-INF/app/views/layouts/_menu_user.html.erb      |  4 ++--
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_layout.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_layout.html.erb
index 013e9a882fc..5d487d62881 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_layout.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_layout.html.erb
@@ -50,7 +50,7 @@
           <% if selected_section==Navigation::SECTION_HOME %>
             <% ActiveDashboard.user_dashboards(current_user, true).each do |active_dashboard| %>
               <li class="<%= 'active' if @dashboard && controller.controller_path=='dashboard' && active_dashboard.dashboard_id==@dashboard.id -%>">
-                <a href="<%= ApplicationController.root_context -%>/dashboard/?did=<%= active_dashboard.dashboard_id -%>"><%= active_dashboard.dashboard.name(true) -%></a>
+                <a href="<%= ApplicationController.root_context -%>/dashboard/?did=<%= active_dashboard.dashboard_id -%>"><%= h active_dashboard.dashboard.name(true) -%></a>
               </li>
             <% end %>
 
@@ -59,7 +59,7 @@
               selected=request.request_uri.include?("/plugins/home/#{page_url}")
             %>
               <li class="<%= 'active' if selected -%>">
-                <a href="<%= ApplicationController.root_context -%><%= page_url -%>"><%= message(page.getId() + '.page', :default => page.getTitle()) -%></a></li>
+                <a href="<%= ApplicationController.root_context -%><%= page_url -%>"><%= h message(page.getId() + '.page', :default => page.getTitle()) -%></a></li>
             <% end %>
 
             <li class="spacer"></li>
@@ -74,7 +74,7 @@
           <% elsif selected_section==Navigation::SECTION_RESOURCE %>
             <% ActiveDashboard.user_dashboards(current_user, false).each do |active_dashboard| %>
               <li class="<%= 'active' if @dashboard && controller.controller_path=='dashboard' && active_dashboard.dashboard_id==@dashboard.id -%>">
-                <a href="<%= ApplicationController.root_context -%>/dashboard/index/<%= @project.id -%>?did=<%= active_dashboard.dashboard_id -%><%= "&"+period_param if period_param -%>"><%= active_dashboard.dashboard.name(true) -%></a>
+                <a href="<%= ApplicationController.root_context -%>/dashboard/index/<%= @project.id -%>?did=<%= active_dashboard.dashboard_id -%><%= "&"+period_param if period_param -%>"><%= h active_dashboard.dashboard.name(true) -%></a>
               </li>
             <% end %>
             <li class="spacer"></li>
@@ -89,7 +89,7 @@
               page_url = (page.isController() ? "#{page.getId()}?id=#{@project.id}" : "/plugins/resource/#{@project.id}?page=#{page.getId()}")
             %>
               <li class="<%= 'active' if request.request_uri.include?(page_url) -%>">
-                <a href="<%= ApplicationController.root_context -%><%= page_url -%>"><%= message(page.getId() + '.page', :default => page.getTitle()) %></a>
+                <a href="<%= ApplicationController.root_context -%><%= page_url -%>"><%= h message(page.getId() + '.page', :default => page.getTitle()) -%></a>
               </li>
             <% end %>
             <li class="<%= 'active' if controller.controller_path=='cloud' -%>">
@@ -119,7 +119,7 @@
               page_url = (page.isController() ? page.getId() : "/plugins/configuration/#{page.getId()}")
             %>
               <li class="<%= 'active' if request.request_uri.include?(page_url) -%>">
-                <a href="<%= ApplicationController.root_context -%><%= page_url -%>"><%= message(page.getId() + '.page', :default => page.getTitle()) %></a>
+                <a href="<%= ApplicationController.root_context -%><%= page_url -%>"><%= h message(page.getId() + '.page', :default => page.getTitle()) %></a>
               </li>
             <% end %>
             <li class="spacer"></li>
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_menu_resource_settings.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_menu_resource_settings.html.erb
index 2eadf79f01d..2b7cfbab980 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_menu_resource_settings.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_menu_resource_settings.html.erb
@@ -35,7 +35,7 @@
           controller.java_facade.getPages(Navigation::SECTION_RESOURCE_CONFIGURATION, @project.scope, @project.qualifier, @project.language, nil).each do |page|
             page_url = "#{page.getId()}?resource=#{@project.id}"
       %>
-        <li><a href="<%= ApplicationController.root_context -%><%= page_url -%>"><%= message(page.getId() + '.page', :default => page.getTitle()) -%></a></li>
+        <li><a href="<%= ApplicationController.root_context -%><%= page_url -%>"><%= h message(page.getId() + '.page', :default => page.getTitle()) -%></a></li>
       <%   end
          end %>
     </ul>
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_menu_user.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_menu_user.html.erb
index ec6a9bdaff1..9fa5eed02ab 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_menu_user.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_menu_user.html.erb
@@ -1,5 +1,5 @@
 <li>
-  <a href="#" onclick="showDropdownMenu('user-panel'); return false;" class="link-more"><%= current_user.name -%></a>
+  <a href="#" onclick="showDropdownMenu('user-panel'); return false;" class="link-more"><%= h current_user.name -%></a>
   
   <div id="user-panel" class="dropdown-menu" style="display: none">
     <ul>
@@ -8,4 +8,4 @@
     </ul>
   </div>
   
-</li>
\ No newline at end of file
+</li>
-- 
2.39.5