From 6c8e1514aa0cde2e89aad6c525ede8feb384ccf8 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Sun, 24 Dec 2006 15:41:23 +0000
Subject: [PATCH] xss in issue subject on issues/edit
git-svn-id: http://redmine.rubyforge.org/svn/trunk@107 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
app/views/issues/edit.rhtml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/views/issues/edit.rhtml b/app/views/issues/edit.rhtml
index 60cdafc1..1666d0fd 100644
--- a/app/views/issues/edit.rhtml
+++ b/app/views/issues/edit.rhtml
@@ -1,4 +1,4 @@
-

<%= @issue.tracker.name %> #<%= @issue.id %> - <%= @issue.subject %>

+

<%= @issue.tracker.name %> #<%= @issue.id %> - <%=h @issue.subject %>

<% labelled_tabular_form_for :issue, @issue, :url => {:action => 'edit'} do |f| %> <%= error_messages_for 'issue' %>
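Review bot: `@issue.tracker.name` on the changed heading line is still written with a bare `<%= %>`, so the heading escapes the subject but not the other stored string rendered next to it. Tracker names are presumably set by administrators rather than by issue reporters, but escaping every database-backed value in the template keeps the output encoding consistent and does not rely on who may edit which field: `<%=h @issue.tracker.name %> #<%= @issue.id %> - <%=h @issue.subject %>`. The commit title limits the fix to issues/edit; other views that print `@issue.subject` are not visible here and are worth checking for the same `<%=` versus `<%=h` difference. A short view or functional test that renders an issue whose subject contains markup characters and asserts they come out entity-encoded would guard against a regression.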