From 6c8e1514aa0cde2e89aad6c525ede8feb384ccf8 2006-12-24 15:41:23 From: Jean-Philippe Lang Date: 2006-12-24 15:41:23 Subject: [PATCH] xss in issue subject on issues/edit git-svn-id: http://redmine.rubyforge.org/svn/trunk@107 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
diff --git a/app/views/issues/edit.rhtml b/app/views/issues/edit.rhtml
index 60cdafc..1666d0f 100644
--- a/app/views/issues/edit.rhtml
+++ b/app/views/issues/edit.rhtml
@@ -1,4 +1,4 @@
-

<%= @issue.tracker.name %> #<%= @issue.id %> - <%= @issue.subject %>

+

<%= @issue.tracker.name %> #<%= @issue.id %> - <%=h @issue.subject %>

<% labelled_tabular_form_for :issue, @issue, :url => {:action => 'edit'} do |f| %> <%= error_messages_for 'issue' %>
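Review bot: The heading line still interpolates `@issue.tracker.name` with a bare `<%= %>`, so only one of the two free-text values on that line is HTML-escaped after this change. Tracker names are presumably set by administrators rather than by issue reporters, but escaping them costs nothing and keeps the heading safe if that assumption ever changes: `<%=h @issue.tracker.name %> #<%= @issue.id %> - <%=h @issue.subject %>`. The fix is also local to this template; any other view that prints the issue subject lies outside this hunk and would need the same `h` call. The form block opened on the last context line continues beyond the hunk, so the field helpers inside it are not reviewed here.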