diff --git a/app/helpers/issues_helper.rb b/app/helpers/issues_helper.rb
index 23d5d38..c1fb9d7 100644
--- a/app/helpers/issues_helper.rb
+++ b/app/helpers/issues_helper.rb
@@ -48,11 +48,11 @@ module IssuesHelper
link_to_issue(issue) + "
" +
"#{@cached_label_project}: #{link_to_project(issue.project)}
" +
- "#{@cached_label_status}: #{issue.status.name}
" +
+ "#{@cached_label_status}: #{h(issue.status.name)}
" +
"#{@cached_label_start_date}: #{format_date(issue.start_date)}
" +
"#{@cached_label_due_date}: #{format_date(issue.due_date)}
" +
- "#{@cached_label_assigned_to}: #{issue.assigned_to}
" +
- "#{@cached_label_priority}: #{issue.priority.name}"
+ "#{@cached_label_assigned_to}: #{h(issue.assigned_to)}
" +
+ "#{@cached_label_priority}: #{h(issue.priority.name)}"
end
def issue_heading(issue)
@@ -145,7 +145,7 @@ module IssuesHelper
# links to #index on issues/show
url_params = controller_name == 'issues' ? {:controller => 'issues', :action => 'index', :project_id => @project} : params
- content_tag('h3', title) +
+ content_tag('h3', h(title)) +
queries.collect {|query|
link_to(h(query.name), url_params.merge(:query_id => query))
}.join('
')