From af8edef9b93eebceb3936e4088ed2eb7635433f5 Mon Sep 17 00:00:00 2001
From: Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Date: Tue, 2 Aug 2011 12:45:39 +0000
Subject: [PATCH] HTML escape at app/views/search/index.rhtml.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6348 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/views/search/index.rhtml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/views/search/index.rhtml b/app/views/search/index.rhtml
index 606565c90..08acb2857 100644
--- a/app/views/search/index.rhtml
+++ b/app/views/search/index.rhtml
@@ -28,8 +28,8 @@
     <h3><%= l(:label_result_plural) %> (<%= @results_by_type.values.sum %>)</h3>
     <dl id="search-results">
       <% @results.each do |e| %>
-        <dt class="<%= e.event_type %>"><%= content_tag('span', h(e.project), :class => 'project') unless @project == e.project %> <%= link_to highlight_tokens(truncate(e.event_title, :length => 255), @tokens), e.event_url %></dt>
-        <dd><span class="description"><%= highlight_tokens(e.event_description, @tokens) %></span>
+        <dt class="<%= e.event_type %>"><%= content_tag('span', h(e.project), :class => 'project') unless @project == e.project %> <%= link_to highlight_tokens(truncate(h(e.event_title), :length => 255), @tokens), e.event_url %></dt>
+        <dd><span class="description"><%= highlight_tokens(h(e.event_description), @tokens) %></span>
         <span class="author"><%= format_time(e.event_datetime) %></span></dd>
       <% end %>
     </dl>