From b94b7b9383e14130145fd3f755617163005db24c Mon Sep 17 00:00:00 2001 From: Toshi MARUYAMA Date: Tue, 2 Aug 2011 12:54:18 +0000 Subject: [PATCH] HTML escape at app/views/attachments/_links.rhtml. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6358 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/views/attachments/_links.rhtml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/attachments/_links.rhtml b/app/views/attachments/_links.rhtml index 19ab6734a..4f4e2d180 100644 --- a/app/views/attachments/_links.rhtml +++ b/app/views/attachments/_links.rhtml @@ -11,7 +11,7 @@ :title => l(:button_delete) %> <% end %> <% if options[:author] %> - <%= attachment.author %>, <%= format_time(attachment.created_on) %> + <%= h(attachment.author) %>, <%= format_time(attachment.created_on) %> <% end %>

<% end %>