Additional escaping.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6327 e93f8b46-1217-0410-a6f0-8f06a7374b81

2 files changed, 2 insertions, 2 deletions

diff --git a/app/views/custom_fields/_form.rhtml b/app/views/custom_fields/_form.rhtml
index 2900af900..7bbce5d57 100644
--- a/app/views/custom_fields/_form.rhtml
+++ b/app/views/custom_fields/_form.rhtml
@@ -82,7 +82,7 @@ when "IssueCustomField" %>
     
     <fieldset><legend><%=l(:label_tracker_plural)%></legend>
     <% for tracker in @trackers %>
-        <%= check_box_tag "custom_field[tracker_ids][]", tracker.id, (@custom_field.trackers.include? tracker) %> <%= tracker.name %>
+        <%= check_box_tag "custom_field[tracker_ids][]", tracker.id, (@custom_field.trackers.include? tracker) %> <%=h tracker.name %>
     <% end %>
 		<%= hidden_field_tag "custom_field[tracker_ids][]", '' %>
     </fieldset>
diff --git a/app/views/custom_fields/_index.rhtml b/app/views/custom_fields/_index.rhtml
index 21ae01bef..a6495fbfe 100644
--- a/app/views/custom_fields/_index.rhtml
+++ b/app/views/custom_fields/_index.rhtml
@@ -13,7 +13,7 @@
   <tbody>
 	<% (@custom_fields_by_type[tab[:name]] || []).sort.each do |custom_field| -%>
 		<tr class="<%= cycle("odd", "even") %>">
-			<td><%= link_to custom_field.name, :action => 'edit', :id => custom_field %></td>
+			<td><%= link_to h(custom_field.name), :action => 'edit', :id => custom_field %></td>
 			<td align="center"><%= l(Redmine::CustomFieldFormat.label_for(custom_field.field_format)) %></td>
 			<td align="center"><%= checked_image custom_field.is_required? %></td>
 			<% if tab[:name] == 'IssueCustomField' %>