Additional escaping.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6327 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2011-07-30 08:35:43 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2011-07-30 08:35:43 +0000
commit: c3be706ce572f7a7e1c5f47b62215a1aeb66ee2c (patch)
tree: 1f0df81a92c6c9393e2e1ca8f036b11f62ff352f /app/views/reports
parent: 12785890180a9ee3e3cc88223615ccff2d966c42 (diff)
download: redmine-c3be706ce572f7a7e1c5f47b62215a1aeb66ee2c.tar.gz
redmine-c3be706ce572f7a7e1c5f47b62215a1aeb66ee2c.zip
2 files changed, 3 insertions, 3 deletions
diff --git a/app/views/reports/_details.rhtml b/app/views/reports/_details.rhtml
index c9cd88bb8..7b565a325 100644
--- a/app/views/reports/_details.rhtml
+++ b/app/views/reports/_details.rhtml
@@ -6,7 +6,7 @@
 <thead><tr>
 <th style="width:25%"></th>
 <% for status in @statuses %>
-<th style="width:<%= col_width %>%"><%= status.name %></th>
+<th style="width:<%= col_width %>%"><%=h status.name %></th>
 <% end %>
 <th align="center" style="width:<%= col_width %>%"><strong><%=l(:label_open_issues_plural)%></strong></th>
 <th align="center" style="width:<%= col_width %>%"><strong><%=l(:label_closed_issues_plural)%></strong></th>
@@ -15,7 +15,7 @@
 <tbody>
 <% for row in rows %>
 <tr class="<%= cycle("odd", "even") %>">
-  <td><%= link_to row.name, :controller => 'issues', :action => 'index', :project_id => ((row.is_a?(Project) ? row : @project)), 
+  <td><%= link_to h(row.name), :controller => 'issues', :action => 'index', :project_id => ((row.is_a?(Project) ? row : @project)), 
                                                 :set_filter => 1, 
                                                 :subproject_id => '!*',
                                                 "#{field_name}" => row.id %></td>
diff --git a/app/views/reports/_simple.rhtml b/app/views/reports/_simple.rhtml
index e82f376a1..8d47bba76 100644
--- a/app/views/reports/_simple.rhtml
+++ b/app/views/reports/_simple.rhtml
@@ -11,7 +11,7 @@
 <tbody>
 <% for row in rows %>
 <tr class="<%= cycle("odd", "even") %>">
-  <td><%= link_to row.name, :controller => 'issues', :action => 'index', :project_id => ((row.is_a?(Project) ? row : @project)), 
+  <td><%= link_to h(row.name), :controller => 'issues', :action => 'index', :project_id => ((row.is_a?(Project) ? row : @project)), 
                                                 :set_filter => 1, 
                                                 :subproject_id => '!*',
                                                 "#{field_name}" => row.id %></td>
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2011-07-30 08:35:43 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2011-07-30 08:35:43 +0000
commit	c3be706ce572f7a7e1c5f47b62215a1aeb66ee2c (patch)
tree	1f0df81a92c6c9393e2e1ca8f036b11f62ff352f /app/views/reports
parent	12785890180a9ee3e3cc88223615ccff2d966c42 (diff)
download	redmine-c3be706ce572f7a7e1c5f47b62215a1aeb66ee2c.tar.gz redmine-c3be706ce572f7a7e1c5f47b62215a1aeb66ee2c.zip