Escape flash messages (#19117).

git-svn-id: http://svn.redmine.org/redmine/trunk@14016 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-11-04 20:35:57 +01:00 · 2015-02-17 17:47:36 +00:00
parent 177dd7bff1
commit 2a7795ab52
2 changed files with 4 additions and 4 deletions
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -293,7 +293,7 @@ class AccountController < ApplicationController
    token = Token.new(:user => user, :action => "register")
    if user.save and token.save
      Mailer.register(token).deliver
-      flash[:notice] = l(:notice_account_register_done, :email => user.mail)
+      flash[:notice] = l(:notice_account_register_done, :email => ERB::Util.h(user.mail))
      redirect_to signin_path
    else
      yield if block_given?