From dd28b61a68e765ec3b2ec67f12a12b9b02925378 2011-08-02 13:03:06
From: Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Date: 2011-08-02 13:03:06
Subject: [PATCH] HTML escape at app/views/issues/_attributes.rhtml.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6369 e93f8b46-1217-0410-a6f0-8f06a7374b81

---

diff --git a/app/views/issues/_attributes.rhtml b/app/views/issues/_attributes.rhtml
index e2d04ee..ba42b91 100644
--- a/app/views/issues/_attributes.rhtml
+++ b/app/views/issues/_attributes.rhtml
@@ -4,7 +4,7 @@
 <% if @issue.new_record? || @allowed_statuses.any? %>
 <p><%= f.select :status_id, (@allowed_statuses.collect {|p| [p.name, p.id]}), :required => true %></p>
 <% else %>
-<p><label><%= l(:field_status) %></label> <%= @issue.status.name %></p>
+<p><label><%= l(:field_status) %></label> <%= h(@issue.status.name) %></p>
 <% end %>
 
 <p><%= f.select :priority_id, (@priorities.collect {|p| [p.name, p.id]}), {:required => true}, :disabled => !@issue.leaf? %></p>