Commit add0bf4d authored by Felix Schäfer's avatar Felix Schäfer

Don't double-escape project names in base layout.

parent 8c26dea7
......@@ -413,7 +413,7 @@ module ApplicationHelper
title = []
title << h(@project.name) if @project
title += @html_title if @html_title
title << Setting.app_title
title << h(Setting.app_title)
title.select {|t| !t.blank? }.join(' - ')
else
@html_title ||= []
......
......@@ -2,7 +2,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title><%=h html_title %></title>
<title><%= html_title %></title>
<meta name="description" content="<%= Redmine::Info.app_name %>" />
<meta name="keywords" content="issue,bug,tracker" />
<%= csrf_meta_tag %>
......
......@@ -60,4 +60,15 @@ class LayoutTest < ActionController::IntegrationTest
:attributes => {:src => %r{^/javascripts/jstoolbar/textile.js}},
:parent => {:tag => 'head'}
end
test "page titles should be properly escaped" do
project = Project.generate(:name => "C&A")
with_settings :app_title => '<3' do
get "/projects/#{project.to_param}"
assert_select "title", /C&amp;A/
assert_select "title", /&lt;3/
end
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment