Don't double-escape project names in base layout.

add0bf4d · Felix Schäfer · 8c26dea7 · add0bf4d · add0bf4d · add0bf4d
Commit add0bf4d authored Nov 27, 2011 by Felix Schäfer
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 2 deletions

application_helper.rb app/helpers/application_helper.rb +1 -1

base.rhtml app/views/layouts/base.rhtml +1 -1

layout_test.rb test/integration/layout_test.rb +11 -0

No files found.
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -413,7 +413,7 @@ module ApplicationHelper
      title = []
      title << h(@project.name) if @project
      title += @html_title if @html_title
-      title << Setting.app_title
+      title << h(Setting.app_title)
      title.select {|t| !t.blank? }.join(' - ')
    else
      @html_title ||= []

--- a/app/views/layouts/base.rhtml
+++ b/app/views/layouts/base.rhtml
@@ -2,7 +2,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
 <head>
 <meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<title><%=h html_title %></title>
+<title><%= html_title %></title>
 <meta name="description" content="<%= Redmine::Info.app_name %>" />
 <meta name="keywords" content="issue,bug,tracker" />
 <%= csrf_meta_tag %>

--- a/test/integration/layout_test.rb
+++ b/test/integration/layout_test.rb
@@ -60,4 +60,15 @@ class LayoutTest < ActionController::IntegrationTest
      :attributes => {:src => %r{^/javascripts/jstoolbar/textile.js}},
      :parent => {:tag => 'head'}
  end
+  test "page titles should be properly escaped" do
+    project = Project.generate(:name => "C&A")
+    with_settings :app_title => '<3' do
+      get "/projects/#{project.to_param}"
+      assert_select "title", /C&amp;A/
+      assert_select "title", /&lt;3/
+    end
+  end
 end