diff options
author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-03-26 10:20:10 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-03-26 10:20:10 +0000 |
commit | 25eb92c0dc337b3a1167642433a3d6af73c1a68d (patch) | |
tree | a97eb7469659d2446be79de08587bc7e1e60bce4 /lib | |
parent | 197ec295e036f3aaf574df3a804a29a88c48161d (diff) | |
download | redmine-25eb92c0dc337b3a1167642433a3d6af73c1a68d.tar.gz redmine-25eb92c0dc337b3a1167642433a3d6af73c1a68d.zip |
Text in the "removed" part of a diff is double-escaped (#22115).
Patch by Felix Schäfer.
git-svn-id: http://svn.redmine.org/redmine/trunk@15287 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'lib')
-rw-r--r-- | lib/redmine/helpers/diff.rb | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/redmine/helpers/diff.rb b/lib/redmine/helpers/diff.rb index aa1860ac7..a6d81620a 100644 --- a/lib/redmine/helpers/diff.rb +++ b/lib/redmine/helpers/diff.rb @@ -23,6 +23,7 @@ module Redmine include ERB::Util include ActionView::Helpers::TagHelper include ActionView::Helpers::TextHelper + include ActionView::Helpers::OutputSafetyHelper attr_reader :diff, :words def initialize(content_to, content_from) @@ -53,7 +54,7 @@ module Redmine else del_at = pos unless del_at deleted << ' ' unless deleted.empty? - deleted << h(change[2]) + deleted << change[2] words_del += 1 end end @@ -62,13 +63,14 @@ module Redmine words[add_to] = words[add_to] + '</span>'.html_safe end if del_at - words.insert del_at - del_off + dels + words_add, '<span class="diff_out">'.html_safe + deleted + '</span>'.html_safe + # deleted is not safe html at this point + words.insert del_at - del_off + dels + words_add, '<span class="diff_out">'.html_safe + h(deleted) + '</span>'.html_safe dels += 1 del_off += words_del words_del = 0 end end - words.join(' ').html_safe + safe_join(words, ' ') end end end |