HTML escape at app/views/wiki/export_multiple.rhtml.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6391 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Toshi MARUYAMA <marutosijp2@yahoo.co.jp> 2011-08-02 13:19:05 +0000
committer: Toshi MARUYAMA <marutosijp2@yahoo.co.jp> 2011-08-02 13:19:05 +0000
commit: d96f3f4767a3467b4f493166675de30c2987b600 (patch)
tree: f7016cc6b2dae1af590ff466ed90d677f006cdd7 /app
parent: 7ced7b17fdb16a64633b8ef534cde2d08de47706 (diff)
download: redmine-d96f3f4767a3467b4f493166675de30c2987b600.tar.gz
redmine-d96f3f4767a3467b4f493166675de30c2987b600.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/app/views/wiki/export_multiple.rhtml b/app/views/wiki/export_multiple.rhtml
index 31fa557c7..df8f74012 100644
--- a/app/views/wiki/export_multiple.rhtml
+++ b/app/views/wiki/export_multiple.rhtml
@@ -20,13 +20,13 @@ h1:hover a.wiki-anchor, h2:hover a.wiki-anchor, h3:hover a.wiki-anchor { display
 <strong><%= l(:label_index_by_title) %></strong>
 <ul>
 <% @pages.each do |page| %>
-    <li><a href="#<%= page.title %>"><%= page.pretty_title %></a></li>
+    <li><a href="#<%= h(page.title) %>"><%= h(page.pretty_title) %></a></li>
 <% end %>
 </ul>
 
 <% @pages.each do |page| %>
 <hr />
-<a name="<%= page.title %>" />
+<a name="<%= h(page.title) %>" />
 <%= textilizable page.content ,:text, :wiki_links => :anchor %>
 <% end %>
author	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>	2011-08-02 13:19:05 +0000
committer	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>	2011-08-02 13:19:05 +0000
commit	d96f3f4767a3467b4f493166675de30c2987b600 (patch)
tree	f7016cc6b2dae1af590ff466ed90d677f006cdd7 /app
parent	7ced7b17fdb16a64633b8ef534cde2d08de47706 (diff)
download	redmine-d96f3f4767a3467b4f493166675de30c2987b600.tar.gz redmine-d96f3f4767a3467b4f493166675de30c2987b600.zip