Escapes HTML tags.

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1612 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2008-07-02 17:27:16 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2008-07-02 17:27:16 +0000
commit: 9703f576d96c113f9c73a87f85ad7da3241525b2 (patch)
tree: 76da99c256b3b788106acc55afc18a366e57f7bd /app/views/account
parent: be57c20cd8392e8454f2e68d3ab2ce9d044c12e9 (diff)
download: redmine-9703f576d96c113f9c73a87f85ad7da3241525b2.tar.gz
redmine-9703f576d96c113f9c73a87f85ad7da3241525b2.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/app/views/account/show.rhtml b/app/views/account/show.rhtml
index 97212b377..2d0731b42 100644
--- a/app/views/account/show.rhtml
+++ b/app/views/account/show.rhtml
@@ -1,7 +1,7 @@
 <h2><%=h @user.name %></h2>
 
 <p>
-<%= mail_to @user.mail unless @user.pref.hide_mail %>
+<%= mail_to(h(@user.mail)) unless @user.pref.hide_mail %>
 <ul>
     <li><%=l(:label_registered_on)%>: <%= format_date(@user.created_on) %></li>
 <% for custom_value in @custom_values %>
@@ -16,8 +16,8 @@
 <h3><%=l(:label_project_plural)%></h3>
 <ul>
 <% for membership in @memberships %>
-	<li><%= link_to membership.project.name, :controller => 'projects', :action => 'show', :id => membership.project %>
-    (<%= membership.role.name %>, <%= format_date(membership.created_on) %>)</li>
+	<li><%= link_to(h(membership.project.name), :controller => 'projects', :action => 'show', :id => membership.project) %>
+    (<%=h membership.role.name %>, <%= format_date(membership.created_on) %>)</li>
 <% end %>
 </ul>
 <% end %>
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2008-07-02 17:27:16 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2008-07-02 17:27:16 +0000
commit	9703f576d96c113f9c73a87f85ad7da3241525b2 (patch)
tree	76da99c256b3b788106acc55afc18a366e57f7bd /app/views/account
parent	be57c20cd8392e8454f2e68d3ab2ce9d044c12e9 (diff)
download	redmine-9703f576d96c113f9c73a87f85ad7da3241525b2.tar.gz redmine-9703f576d96c113f9c73a87f85ad7da3241525b2.zip