From 5ba1ef5df7df30a61c837f31572477d0b8b0eb38 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Sat, 30 Jul 2011 11:21:19 +0000
Subject: [PATCH] HTML escape.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6329 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/views/projects/show.rhtml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/views/projects/show.rhtml b/app/views/projects/show.rhtml
index 7cc554c84..0c35c1fa5 100644
--- a/app/views/projects/show.rhtml
+++ b/app/views/projects/show.rhtml
@@ -18,7 +18,7 @@
   <% end %>
 	<% @project.visible_custom_field_values.each do |custom_value| %>
 	<% if !custom_value.value.blank? %>
-	   <li><%= custom_value.custom_field.name%>: <%=h show_value(custom_value) %></li>
+	   <li><%=h custom_value.custom_field.name %>: <%=h show_value(custom_value) %></li>
 	<% end %>
 	<% end %>
 	</ul>	
@@ -28,7 +28,7 @@
     <h3><%=l(:label_issue_tracking)%></h3>
     <ul>
     <% for tracker in @trackers %>    
-      <li><%= link_to tracker.name, :controller => 'issues', :action => 'index', :project_id => @project, 
+      <li><%= link_to h(tracker.name), :controller => 'issues', :action => 'index', :project_id => @project, 
                                                 :set_filter => 1, 
                                                 "tracker_id" => tracker.id %>:
 					<%= l(:label_x_open_issues_abbr_on_total, :count => @open_issues_by_tracker[tracker].to_i,
-- 
2.39.5