Commit 208e39ca authored by jplang's avatar jplang

Ensure that values of multi-value fields are HTML-escaped in issue history (#27186).

Patch by Holger Just.

git-svn-id: https://svn.redmine.org/redmine/trunk@16985 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent d35abbe5
......@@ -177,7 +177,8 @@ module ApplicationHelper
end
case object.class.name
when 'Array'
object.map {|o| format_object(o, html)}.join(', ').html_safe
formatted_objects = object.map {|o| format_object(o, html)}
html ? safe_join(formatted_objects, ', ') : formatted_objects.join(', ')
when 'Time'
format_time(object)
when 'Date'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment