HTML escape at app/views/common/_diff.rhtml.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6360 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-08-02 12:55:55 +00:00 · 2011-08-02 12:55:55 +00:00 · f742cef0f1
parent 07baff465f
commit f742cef0f1
1 changed files with 2 additions and 2 deletions
--- a/app/views/common/_diff.rhtml
+++ b/app/views/common/_diff.rhtml
@ -5,7 +5,7 @@
 <% if diff.diff_type == 'sbs' -%>
 <table class="filecontent">
 <thead>
-<tr><th colspan="4" class="filename"><%=to_utf8 table_file.file_name %></th></tr>
+<tr><th colspan="4" class="filename"><%=h(to_utf8(table_file.file_name)) %></th></tr>
 </thead>
 <tbody>
 <% table_file.each_line do |spacing, line| -%>
@ -31,7 +31,7 @@
 <% else -%>
 <table class="filecontent">
 <thead>
-<tr><th colspan="3" class="filename"><%=to_utf8 table_file.file_name %></th></tr>
+<tr><th colspan="3" class="filename"><%=h(to_utf8(table_file.file_name)) %></th></tr>
 </thead>
 <tbody>
 <% table_file.each_line do |spacing, line| %>