Skip to content

Commit 56c8ee0

Browse files
committed
Ensure that values of multi-value fields are HTML-escaped in issue list (#27186).
Patch by Holger Just. git-svn-id: http://svn.redmine.org/redmine/trunk@16984 e93f8b46-1217-0410-a6f0-8f06a7374b81
1 parent 1a09764 commit 56c8ee0

File tree

1 file changed

+2
-1
lines changed

1 file changed

+2
-1
lines changed

Diff for: app/helpers/queries_helper.rb

+2-1
Original file line numberDiff line numberDiff line change
@@ -201,7 +201,8 @@ def column_header(query, column, options={})
201201
def column_content(column, item)
202202
value = column.value_object(item)
203203
if value.is_a?(Array)
204-
value.collect {|v| column_value(column, item, v)}.compact.join(', ').html_safe
204+
values = value.collect {|v| column_value(column, item, v)}.compact
205+
safe_join(values, ', ')
205206
else
206207
column_value(column, item, value)
207208
end

0 commit comments

Comments
 (0)