Additional escaping.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6327 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2011-07-30 08:35:43 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2011-07-30 08:35:43 +0000
commit: c3be706ce572f7a7e1c5f47b62215a1aeb66ee2c (patch)
tree: 1f0df81a92c6c9393e2e1ca8f036b11f62ff352f /app/views/projects
parent: 12785890180a9ee3e3cc88223615ccff2d966c42 (diff)
download: redmine-c3be706ce572f7a7e1c5f47b62215a1aeb66ee2c.tar.gz
redmine-c3be706ce572f7a7e1c5f47b62215a1aeb66ee2c.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/app/views/projects/_form.rhtml b/app/views/projects/_form.rhtml
index 9772a899c..45d0ff1c4 100644
--- a/app/views/projects/_form.rhtml
+++ b/app/views/projects/_form.rhtml
@@ -42,7 +42,7 @@
 <% @trackers.each do |tracker| %>
     <label class="floating">
     <%= check_box_tag 'project[tracker_ids][]', tracker.id, @project.trackers.include?(tracker) %>
-    <%= tracker %>
+    <%=h tracker %>
     </label>
 <% end %>
 <%= hidden_field_tag 'project[tracker_ids][]', '' %>
@@ -54,7 +54,7 @@
 <% @issue_custom_fields.each do |custom_field| %>
     <label class="floating">
 	<%= check_box_tag 'project[issue_custom_field_ids][]', custom_field.id, (@project.all_issue_custom_fields.include? custom_field), (custom_field.is_for_all? ? {:disabled => "disabled"} : {}) %>
-	<%= custom_field.name %>
+	<%=h custom_field.name %>
 	</label>
 <% end %>
 <%= hidden_field_tag 'project[issue_custom_field_ids][]', '' %>
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2011-07-30 08:35:43 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2011-07-30 08:35:43 +0000
commit	c3be706ce572f7a7e1c5f47b62215a1aeb66ee2c (patch)
tree	1f0df81a92c6c9393e2e1ca8f036b11f62ff352f /app/views/projects
parent	12785890180a9ee3e3cc88223615ccff2d966c42 (diff)
download	redmine-c3be706ce572f7a7e1c5f47b62215a1aeb66ee2c.tar.gz redmine-c3be706ce572f7a7e1c5f47b62215a1aeb66ee2c.zip