Escape javascript in output

2010-03-10 08:38:53 +00:00 · 2010-03-10 08:38:53 +00:00 · ef9f53f861
commit ef9f53f861
parent dde9038539
1 changed files with 1 additions and 1 deletions
--- a/app/views/map_bugs/get_bugs.js.erb
+++ b/app/views/map_bugs/get_bugs.js.erb
@ -2,6 +2,6 @@

 <% else %>
 	<% @bugs.each do |bug| %> 
-putAJAXMarker(<%= bug.id.to_s %> , <%= bug.lon.to_s %> , <%= bug.lat.to_s %> , '<%= bug.flatten_comment("<hr />") %>', <%= (bug.status=="open"?"0":"1") %> );
+putAJAXMarker(<%= bug.id.to_s %> , <%= bug.lon.to_s %> , <%= bug.lat.to_s %> , '<%= escape_javascript(bug.flatten_comment("<hr />")) %>', <%= (bug.status=="open"?"0":"1") %> );
    <% end %>
 <% end %>