xss in issue subject on issues/edit

git-svn-id: http://redmine.rubyforge.org/svn/trunk@107 e93f8b46-1217-0410-a6f0-8f06a7374b81

xss in issue subject on issues/edit
git-svn-id: http://redmine.rubyforge.org/svn/trunk@107 e93f8b46-1217-0410-a6f0-8f06a7374b81
6c8e1514 · Jean-Philippe Lang · bc441585 · 6c8e1514
Commit 6c8e1514 authored Dec 24, 2006 by Jean-Philippe Lang
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

edit.rhtml app/views/issues/edit.rhtml +1 -1

No files found.
--- a/app/views/issues/edit.rhtml
+++ b/app/views/issues/edit.rhtml
-<h2><%= @issue.tracker.name %> #<%= @issue.id %> - <%= @issue.subject %></h2>
+<h2><%= @issue.tracker.name %> #<%= @issue.id %> - <%=h @issue.subject %></h2>

 <% labelled_tabular_form_for :issue, @issue, :url => {:action => 'edit'} do |f| %>
 <%= error_messages_for 'issue' %>