HTML escape at app/views/common/_diff.rhtml.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6360 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Toshi MARUYAMA <marutosijp2@yahoo.co.jp> 2011-08-02 12:55:55 +0000
committer: Toshi MARUYAMA <marutosijp2@yahoo.co.jp> 2011-08-02 12:55:55 +0000
commit: f742cef0f15757b7ec3f0150dba2ae7040337f6d (patch)
tree: 62e12e8d80cf44c46c5cc88e0912517ca4aba1b9 /app/views/common
parent: 07baff465f4ce95598cf1ec5bf3ff1356a0cb685 (diff)
download: redmine-f742cef0f15757b7ec3f0150dba2ae7040337f6d.tar.gz
redmine-f742cef0f15757b7ec3f0150dba2ae7040337f6d.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/app/views/common/_diff.rhtml b/app/views/common/_diff.rhtml
index 03b06a0ce..9967a6810 100644
--- a/app/views/common/_diff.rhtml
+++ b/app/views/common/_diff.rhtml
@@ -5,7 +5,7 @@
 <% if diff.diff_type == 'sbs' -%>
 <table class="filecontent">
 <thead>
-<tr><th colspan="4" class="filename"><%=to_utf8 table_file.file_name %></th></tr>
+<tr><th colspan="4" class="filename"><%=h(to_utf8(table_file.file_name)) %></th></tr>
 </thead>
 <tbody>
 <% table_file.each_line do |spacing, line| -%>
@@ -31,7 +31,7 @@
 <% else -%>
 <table class="filecontent">
 <thead>
-<tr><th colspan="3" class="filename"><%=to_utf8 table_file.file_name %></th></tr>
+<tr><th colspan="3" class="filename"><%=h(to_utf8(table_file.file_name)) %></th></tr>
 </thead>
 <tbody>
 <% table_file.each_line do |spacing, line| %>
author	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>	2011-08-02 12:55:55 +0000
committer	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>	2011-08-02 12:55:55 +0000
commit	f742cef0f15757b7ec3f0150dba2ae7040337f6d (patch)
tree	62e12e8d80cf44c46c5cc88e0912517ca4aba1b9 /app/views/common
parent	07baff465f4ce95598cf1ec5bf3ff1356a0cb685 (diff)
download	redmine-f742cef0f15757b7ec3f0150dba2ae7040337f6d.tar.gz redmine-f742cef0f15757b7ec3f0150dba2ae7040337f6d.zip