Patch #11793

Html escaping doesn't work in "Jump to project" list

Added by Alexey Kalmykov about 10 years ago. Updated about 10 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:-% Done:


Target version:-


I've found a bug in redmine. If project name have some html characters(like '&', or '<', '>', tags, etc.), project name doesn't display correctly, something like on screenshot:
bug screenshot

So, i've made a patch(replaced "h(project)" to "project.to_s").

Redmine version 2.0.3
Ruby version 1.8.7 (x86_64-linux)
RubyGems version 1.8.24
Rack version 1.4
Rails version 3.2.6
Postgresql version 9.1.5

bug.jpg - bug screenshot (22.6 KB) Alexey Kalmykov, 2012-09-07 12:15

fix_html_escaping.patch Magnifier - patch (523 Bytes) Alexey Kalmykov, 2012-09-07 12:15

Related issues

Duplicates Redmine - Defect #11217: Project names in drop-down are escaped twice Closed


#1 Updated by Etienne Massip about 10 years ago

  • Status changed from New to Closed

Closed as duplicate of #11217.

Also available in: Atom PDF