summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/redmine/helpers/diff.rb8
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/redmine/helpers/diff.rb b/lib/redmine/helpers/diff.rb
index aa1860ac7..a6d81620a 100644
--- a/lib/redmine/helpers/diff.rb
+++ b/lib/redmine/helpers/diff.rb
@@ -23,6 +23,7 @@ module Redmine
include ERB::Util
include ActionView::Helpers::TagHelper
include ActionView::Helpers::TextHelper
+ include ActionView::Helpers::OutputSafetyHelper
attr_reader :diff, :words
def initialize(content_to, content_from)
@@ -53,7 +54,7 @@ module Redmine
else
del_at = pos unless del_at
deleted << ' ' unless deleted.empty?
- deleted << h(change[2])
+ deleted << change[2]
words_del += 1
end
end
@@ -62,13 +63,14 @@ module Redmine
words[add_to] = words[add_to] + '</span>'.html_safe
end
if del_at
- words.insert del_at - del_off + dels + words_add, '<span class="diff_out">'.html_safe + deleted + '</span>'.html_safe
+ # deleted is not safe html at this point
+ words.insert del_at - del_off + dels + words_add, '<span class="diff_out">'.html_safe + h(deleted) + '</span>'.html_safe
dels += 1
del_off += words_del
words_del = 0
end
end
- words.join(' ').html_safe
+ safe_join(words, ' ')
end
end
end
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-26 10:23:41 +0000