From 5856c3ecdf930faa54ce6f0c28591931c15e0865 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Lievremont <jean-baptiste.lievremont@sonarsource.com>
Date: Tue, 8 Apr 2014 12:28:34 +0200
Subject: [PATCH] Protect agains XSS of user name in issue viewer

---
 .../src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb
index 7f15477920d..f83a9992c99 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb
@@ -134,7 +134,7 @@
          comment_html_id = "comment-#{comment.key}-#{rand(100)}" %>
       <div class="code-issue-comment" id="<%= comment_html_id -%>" data-comment-key="<%= comment.key -%>">
         <h4>
-          <%= image_tag('reviews/comment.png') -%> &nbsp;<b><%= @issue_results.user(comment.userLogin()).name() -%></b>
+          <%= image_tag('reviews/comment.png') -%> &nbsp;<b><%= h( @issue_results.user(comment.userLogin()).name() ) -%></b>
           (<%= distance_of_time_in_words_to_now(Api::Utils.java_to_ruby_datetime(comment.createdAt)) -%>)
           <% if current_user && current_user.login==comment.userLogin %>
             &nbsp;
-- 
2.39.5