fix html escaping

pull/6827/head
Christian Rijke 12 years ago
parent cf25151201
commit 1b6f627980
  1. 3
      lib/open_project/backlogs/issue_actions.rb
  2. 2
      lib/open_project/backlogs/issue_edit_actions.rb
  3. 2
      lib/open_project/backlogs/issue_form.rb
  4. 2
      lib/open_project/backlogs/issue_form/notes_paragraph.rb
  5. 2
      lib/open_project/backlogs/issue_view/heading.rb
  6. 12
      lib/open_project/backlogs/issue_view/issue_hierarchy_paragraph.rb

@ -7,8 +7,7 @@ class OpenProject::Backlogs::IssueActions < OpenProject::Nissue::View
css_class = "watcher_link_#{@issue.id}"
content_tag(:div, [
(t.modal_link_to(l(:button_update), {:controller => 'issue_boxes', :action => 'edit', :id => @issue }, :class => 'icon icon-edit') if t.authorize_for('issue_boxes', 'edit')),
" ",
t.watcher_link(@issue, User.current, :class => css_class, :replace => ".#{css_class}")
].join, :class => 'contextual')
].join.html_safe, :class => 'contextual')
end
end

@ -17,6 +17,6 @@ class OpenProject::Backlogs::IssueEditActions < OpenProject::Nissue::View
:update => @html_id,
:with => "Form.serialize('#{@form_id}')"
}, { :class => 'icon icon-save', :accesskey => t.accesskey(:update) }) if t.authorize_for('issue_boxes', 'update'))
].join, :class => 'contextual')
].join.html_safe, :class => 'contextual')
end
end

@ -19,7 +19,7 @@ class OpenProject::Backlogs::IssueForm < OpenProject::Backlogs::IssueView
errors_paragraph.render(t),
s,
notes_paragraph.render(t)
].join, :id => form_id)
].join.html_safe, :id => form_id)
end
def errors_paragraph

@ -8,7 +8,7 @@ class OpenProject::Backlogs::IssueForm::NotesParagraph < OpenProject::Nissue::Is
s = content_tag(:fieldset, [
content_tag(:legend, l(:field_notes)),
t.text_area_tag('issue[notes]', '', :cols => 60, :rows => 10, :class => 'wiki-edit', :id => html_id),
t.wikitoolbar_for(html_id) ].join
t.wikitoolbar_for(html_id) ].join.html_safe
)
end
end

@ -1,5 +1,5 @@
class OpenProject::Backlogs::IssueView::Heading < OpenProject::Nissue::IssueView::Heading
def render_issue_subject_with_tree(t)
content_tag('h3', h(@issue.subject))
content_tag('h3', @issue.subject)
end
end

@ -40,7 +40,7 @@ class OpenProject::Backlogs::IssueView::IssueHierarchyParagraph < OpenProject::N
end
s << '</table></form>'
s
s.html_safe
end
def render_row(t, issue, level, relation = "root")
@ -49,7 +49,7 @@ class OpenProject::Backlogs::IssueView::IssueHierarchyParagraph < OpenProject::N
css_classes << "idnt" << "idnt-#{level}" if level > 0
if @issue == issue
issue_text = t.link_to("#{h(issue.tracker.name)} ##{issue.id}",
issue_text = t.link_to("#{issue.tracker.name} ##{issue.id}",
'javascript:void(0)',
:style => "color:inherit; font-weight: bold",
:class => issue.css_classes)
@ -61,9 +61,9 @@ class OpenProject::Backlogs::IssueView::IssueHierarchyParagraph < OpenProject::N
elsif relation == "child"
title << content_tag(:span, l(:description_sub_issue), :class => "hidden-for-sighted")
end
title << " #{h(issue.tracker.name)} ##{issue.id}"
title << " #{issue.tracker.name} ##{issue.id}"
issue_text = t.link_to_issue_box(title, issue, :class => issue.css_classes)
issue_text = t.link_to_issue_box(title.html_safe, issue, :class => issue.css_classes)
end
issue_text << ": "
issue_text << t.truncate(issue.subject, :length => 60)
@ -71,10 +71,10 @@ class OpenProject::Backlogs::IssueView::IssueHierarchyParagraph < OpenProject::N
content_tag('tr', [
content_tag('td', t.check_box_tag("ids[]", issue.id, false, :id => nil), :class => 'checkbox'),
content_tag('td', issue_text, :class => 'subject'),
content_tag('td', h(issue.status)),
content_tag('td', issue.status),
content_tag('td', t.link_to_user(issue.assigned_to)),
content_tag('td', t.link_to_version(issue.fixed_version))
].join,
].join.html_safe,
:class => css_classes.join(' '))
end
end

Loading…
Cancel
Save