HTML escape some user values in account sidebar (#8345).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5747 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Toshi MARUYAMA 2011-05-12 00:26:16 +00:00
parent 16c0b67941
commit 1d78dd8324
1 changed files with 2 additions and 2 deletions

View File

@ -1,6 +1,6 @@
<h3><%=l(:label_my_account)%></h3>
<p><%=l(:field_login)%>: <strong><%= link_to @user.login, user_path(@user) %></strong><br />
<p><%=l(:field_login)%>: <strong><%= link_to(h(@user.login), user_path(@user) %></strong><br />
<%=l(:field_created_on)%>: <%= format_time(@user.created_on) %></p>
@ -19,7 +19,7 @@
<h4><%= l(:label_api_access_key) %></h4>
<div>
<%= link_to_function(l(:button_show), "$('api-access-key').toggle();")%>
<pre id='api-access-key' class='autoscroll'><%= @user.api_key %></pre>
<pre id='api-access-key' class='autoscroll'><%= h(@user.api_key) %></pre>
</div>
<%= javascript_tag("$('api-access-key').hide();") %>
<p>