Ensure that values of multi-value fields are HTML-escaped in issue list (#27186).

Patch by Holger Just. git-svn-id: http://svn.redmine.org/redmine/trunk@16984 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2017-10-15 11:08:46 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2017-10-15 11:08:46 +0000
commit: 56c8ee0440d8555aa7822d947ba9091c8a791508 (patch)
tree: 6fa4a6cf4e057e17c7f5489a8dba6ecf57359966 /app/helpers/queries_helper.rb
parent: 1a0976417975a128b0a932ba1552c37e9414953b (diff)
download: redmine-56c8ee0440d8555aa7822d947ba9091c8a791508.tar.gz
redmine-56c8ee0440d8555aa7822d947ba9091c8a791508.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/app/helpers/queries_helper.rb b/app/helpers/queries_helper.rb
index acab44536..a4c3c3e7b 100644
--- a/app/helpers/queries_helper.rb
+++ b/app/helpers/queries_helper.rb
@@ -201,7 +201,8 @@ module QueriesHelper
   def column_content(column, item)
     value = column.value_object(item)
     if value.is_a?(Array)
-      value.collect {|v| column_value(column, item, v)}.compact.join(', ').html_safe
+      values = value.collect {|v| column_value(column, item, v)}.compact
+      safe_join(values, ', ')
     else
       column_value(column, item, value)
     end
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2017-10-15 11:08:46 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2017-10-15 11:08:46 +0000
commit	56c8ee0440d8555aa7822d947ba9091c8a791508 (patch)
tree	6fa4a6cf4e057e17c7f5489a8dba6ecf57359966 /app/helpers/queries_helper.rb
parent	1a0976417975a128b0a932ba1552c37e9414953b (diff)
download	redmine-56c8ee0440d8555aa7822d947ba9091c8a791508.tar.gz redmine-56c8ee0440d8555aa7822d947ba9091c8a791508.zip