Escaping in html email templates (#4874).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3452 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2010-02-18 19:13:38 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2010-02-18 19:13:38 +0000
commit: 026fbb99a6380054545c14c16590e96a9e77995c (patch)
tree: a4dd6368a2024c346fa6762dda2df820c485e7e3 /app/views/mailer/attachments_added.text.html.rhtml
parent: d18fba4ffe9051a215073c5e1474fc377907375c (diff)
download: redmine-026fbb99a6380054545c14c16590e96a9e77995c.tar.gz
redmine-026fbb99a6380054545c14c16590e96a9e77995c.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/mailer/attachments_added.text.html.rhtml b/app/views/mailer/attachments_added.text.html.rhtml
index d2355b1c4..369834b6d 100644
--- a/app/views/mailer/attachments_added.text.html.rhtml
+++ b/app/views/mailer/attachments_added.text.html.rhtml
@@ -1,5 +1,5 @@
 <%= link_to @added_to, @added_to_url %><br />
 
 <ul><% @attachments.each do |attachment | %>
-<li><%= attachment.filename %></li>
+<li><%=h attachment.filename %></li>
 <% end %></ul>
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2010-02-18 19:13:38 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2010-02-18 19:13:38 +0000
commit	026fbb99a6380054545c14c16590e96a9e77995c (patch)
tree	a4dd6368a2024c346fa6762dda2df820c485e7e3 /app/views/mailer/attachments_added.text.html.rhtml
parent	d18fba4ffe9051a215073c5e1474fc377907375c (diff)
download	redmine-026fbb99a6380054545c14c16590e96a9e77995c.tar.gz redmine-026fbb99a6380054545c14c16590e96a9e77995c.zip