Escape titles in activity view.

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1145 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2008-02-14 21:17:28 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2008-02-14 21:17:28 +0000
commit: 71d089c83329a0dcaad650f3a97b8d5262db1dd8 (patch)
tree: b2143666bee09f5e5f711fe67eda4ddc93046ab4 /app
parent: 8adb320978290991bc3d75864a5dc3476be9b81b (diff)
download: redmine-71d089c83329a0dcaad650f3a97b8d5262db1dd8.tar.gz
redmine-71d089c83329a0dcaad650f3a97b8d5262db1dd8.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/projects/activity.rhtml b/app/views/projects/activity.rhtml
index bde806554..12139c2e7 100644
--- a/app/views/projects/activity.rhtml
+++ b/app/views/projects/activity.rhtml
@@ -6,7 +6,7 @@
 <dl>
 <% @events_by_day[day].sort {|x,y| y.event_datetime <=> x.event_datetime }.each do |e| -%>
   <dt class="<%= e.class.name.downcase %>"><span class="time"><%= format_time(e.event_datetime, false) %></span>
-  <%= link_to truncate(e.event_title, 100), e.event_url %></dt>
+  <%= link_to h(truncate(e.event_title, 100)), e.event_url %></dt>
   <dd><% unless e.event_description.blank? -%>
   <span class="description"><%= format_activity_description(e.event_description) %></span><br />
   <% end %>
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2008-02-14 21:17:28 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2008-02-14 21:17:28 +0000
commit	71d089c83329a0dcaad650f3a97b8d5262db1dd8 (patch)
tree	b2143666bee09f5e5f711fe67eda4ddc93046ab4 /app
parent	8adb320978290991bc3d75864a5dc3476be9b81b (diff)
download	redmine-71d089c83329a0dcaad650f3a97b8d5262db1dd8.tar.gz redmine-71d089c83329a0dcaad650f3a97b8d5262db1dd8.zip