Escape user names in diary views.

2008-03-04 16:49:12 +00:00 · 2008-03-04 16:49:12 +00:00 · cf8bd08a66
commit cf8bd08a66
parent 6c15eb7251
3 changed files with 3 additions and 3 deletions
--- a/app/views/diary_entry/view.rhtml
+++ b/app/views/diary_entry/view.rhtml
@ -1,4 +1,4 @@
-<h2><%= @entry.user.display_name %>'s diary</h2>
+<h2><%= h(@entry.user.display_name) %>'s diary</h2>

 <%= render :partial => 'diary_entry', :object => @entry %>