HTML escape at app/views/issues/_attributes.rhtml.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6369 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Toshi MARUYAMA <marutosijp2@yahoo.co.jp> 2011-08-02 13:03:06 +0000
committer: Toshi MARUYAMA <marutosijp2@yahoo.co.jp> 2011-08-02 13:03:06 +0000
commit: dd28b61a68e765ec3b2ec67f12a12b9b02925378 (patch)
tree: 380d2d5a5990e71156298ddf2655bbe60ab54286 /app/views
parent: 1a02a73f8f15f7f32d93a9e3bcda312802d18777 (diff)
download: redmine-dd28b61a68e765ec3b2ec67f12a12b9b02925378.tar.gz
redmine-dd28b61a68e765ec3b2ec67f12a12b9b02925378.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/issues/_attributes.rhtml b/app/views/issues/_attributes.rhtml
index e2d04ee51..ba42b919b 100644
--- a/app/views/issues/_attributes.rhtml
+++ b/app/views/issues/_attributes.rhtml
@@ -4,7 +4,7 @@
 <% if @issue.new_record? || @allowed_statuses.any? %>
 <p><%= f.select :status_id, (@allowed_statuses.collect {|p| [p.name, p.id]}), :required => true %></p>
 <% else %>
-<p><label><%= l(:field_status) %></label> <%= @issue.status.name %></p>
+<p><label><%= l(:field_status) %></label> <%= h(@issue.status.name) %></p>
 <% end %>
 
 <p><%= f.select :priority_id, (@priorities.collect {|p| [p.name, p.id]}), {:required => true}, :disabled => !@issue.leaf? %></p>
author	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>	2011-08-02 13:03:06 +0000
committer	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>	2011-08-02 13:03:06 +0000
commit	dd28b61a68e765ec3b2ec67f12a12b9b02925378 (patch)
tree	380d2d5a5990e71156298ddf2655bbe60ab54286 /app/views
parent	1a02a73f8f15f7f32d93a9e3bcda312802d18777 (diff)
download	redmine-dd28b61a68e765ec3b2ec67f12a12b9b02925378.tar.gz redmine-dd28b61a68e765ec3b2ec67f12a12b9b02925378.zip