Skip to content
Permalink
Browse files Browse the repository at this point in the history
Ensure that values of multi-value fields are HTML-escaped in issue hi…
…story (#27186).

Patch by Holger Just.

git-svn-id: http://svn.redmine.org/redmine/trunk@16985 e93f8b46-1217-0410-a6f0-8f06a7374b81
  • Loading branch information
jplang committed Oct 15, 2017
1 parent 56c8ee0 commit 94f7cfb
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion app/helpers/application_helper.rb
Expand Up @@ -177,7 +177,8 @@ def format_object(object, html=true, &block)
end
case object.class.name
when 'Array'
object.map {|o| format_object(o, html)}.join(', ').html_safe
formatted_objects = object.map {|o| format_object(o, html)}
html ? safe_join(formatted_objects, ', ') : formatted_objects.join(', ')
when 'Time'
format_time(object)
when 'Date'
Expand Down

0 comments on commit 94f7cfb

Please sign in to comment.