HTML escape at app/views/search/index.rhtml.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6348 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-08-02 12:45:39 +00:00 · 2011-08-02 12:45:39 +00:00 · af8edef9b9
parent 6a27e2c5dc
commit af8edef9b9
1 changed files with 2 additions and 2 deletions
--- a/app/views/search/index.rhtml
+++ b/app/views/search/index.rhtml
@ -28,8 +28,8 @@
    <h3><%= l(:label_result_plural) %> (<%= @results_by_type.values.sum %>)</h3>
    <dl id="search-results">
      <% @results.each do |e| %>
-        <dt class="<%= e.event_type %>"><%= content_tag('span', h(e.project), :class => 'project') unless @project == e.project %> <%= link_to highlight_tokens(truncate(e.event_title, :length => 255), @tokens), e.event_url %></dt>
-        <dd><span class="description"><%= highlight_tokens(e.event_description, @tokens) %></span>
+        <dt class="<%= e.event_type %>"><%= content_tag('span', h(e.project), :class => 'project') unless @project == e.project %> <%= link_to highlight_tokens(truncate(h(e.event_title), :length => 255), @tokens), e.event_url %></dt>
+        <dd><span class="description"><%= highlight_tokens(h(e.event_description), @tokens) %></span>
        <span class="author"><%= format_time(e.event_datetime) %></span></dd>
      <% end %>
    </dl>