More display name escaping.
[rails.git] / app / views / diary_entry / view.rhtml
index ca678c50b02472dd9eedcf5f6d95d18d600e9898..6e1f75a32bd0e30251f681458c93262b8be1a9c4 100644 (file)
@@ -1,4 +1,4 @@
-<h2><%= @entry.user.display_name %>'s diary</h2>
+<h2><%= h(@entry.user.display_name) %>'s diary</h2>
 
 <%= render :partial => 'diary_entry', :object => @entry %>
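Review bot: The `diary_entry` partial rendered on the last line receives the same `@entry`, and its template is not part of this change, so any `<%= %>` there that prints the display name, entry title or body would still be emitted unescaped, assuming this `.rhtml` view predates default output escaping. It is worth confirming that the partial wraps each user-supplied value in `h(...)`, as the heading now does with `h(@entry.user.display_name)`, and that the entry body goes through a sanitizer if it is meant to allow markup. A view test that renders an entry whose display name contains markup characters and asserts the escaped form would catch any output site that is missed. The hunk header counts four lines and only three are visible here, so the remainder of the view could not be checked.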