HTML escape at app/views/projects/list_members.rhtml.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6380 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Toshi MARUYAMA <marutosijp2@yahoo.co.jp> 2011-08-02 13:10:59 +0000
committer: Toshi MARUYAMA <marutosijp2@yahoo.co.jp> 2011-08-02 13:10:59 +0000
commit: 6a4114e842aa2e4850abcc4cce797c08d711db50 (patch)
tree: e7a50bba25ad3305b739f955c010a53d7e327be6 /app/views
parent: 2b3726bdc07ef58e2a7d3a27fcd2ac884aaee39a (diff)
download: redmine-6a4114e842aa2e4850abcc4cce797c08d711db50.tar.gz
redmine-6a4114e842aa2e4850abcc4cce797c08d711db50.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/projects/list_members.rhtml b/app/views/projects/list_members.rhtml
index 7f2ae3795..04de16044 100644
--- a/app/views/projects/list_members.rhtml
+++ b/app/views/projects/list_members.rhtml
@@ -4,7 +4,7 @@
 
 <% members = @members.group_by {|m| m.role } %>
 <% members.keys.sort{|x,y| x.position <=> y.position}.each do |role| %>
-<h3><%= role.name %></h3>
+<h3><%= h(role.name) %></h3>
 <ul>
 <% members[role].each do |m| %>
 <li><%= link_to_user m.user %> (<%= format_date m.created_on %>)</li>
author	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>	2011-08-02 13:10:59 +0000
committer	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>	2011-08-02 13:10:59 +0000
commit	6a4114e842aa2e4850abcc4cce797c08d711db50 (patch)
tree	e7a50bba25ad3305b739f955c010a53d7e327be6 /app/views
parent	2b3726bdc07ef58e2a7d3a27fcd2ac884aaee39a (diff)
download	redmine-6a4114e842aa2e4850abcc4cce797c08d711db50.tar.gz redmine-6a4114e842aa2e4850abcc4cce797c08d711db50.zip