diff --git a/app/views/dmsf_files/show.html.erb b/app/views/dmsf_files/show.html.erb
index 8d5c24e9..c83e7fbc 100644
--- a/app/views/dmsf_files/show.html.erb
+++ b/app/views/dmsf_files/show.html.erb
@@ -112,7 +112,7 @@
<% if revision.description.present? %>
<%= content_tag :div, l(:label_description), :class => 'label' %>
- <% text = clean_wiki_text(textilizable(revision.description)) %>
+ <% text = clean_wiki_text(textilizable(h revision.description)) %>
<%= content_tag :div, text.html_safe, :class => 'value wiki' %>
<% end %>
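Review bot: The new `h` call on the `text =` line runs before `textilizable`, so every `"`, `<`, `>` and `&` in the user-entered description reaches the wiki formatter already entity-encoded; if any supported markup in this project relies on literal quote or angle characters (link syntax, quoting), those revisions will now render as plain text rather than as links. The same ordering applies to the comment block at the hunk starting `@@ -141,7 +141,7 @@`. Since the result is marked `html_safe` on the next line, the reason for escaping first is not obvious to the next reader; an ERB comment such as `<%# revision.description is user input and the formatted result is marked html_safe below, so escape it before wiki formatting %>` above the assignment would record the intent. It is worth confirming against a description containing a quoted wiki link that the rendered output is still what the project expects.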
@@ -141,7 +141,7 @@
<% if revision.comment.present? %>
<%= content_tag :div, l(:label_comment), :class => 'label' %>
- <% text = clean_wiki_text(textilizable(revision.comment)) %>
+ <% text = clean_wiki_text(textilizable(h revision.comment)) %>
<%= content_tag :div, text.html_safe, :class => 'value wiki' %>
<% end %>
diff --git a/lib/redmine_dmsf/hooks/views/issue_view_hooks.rb b/lib/redmine_dmsf/hooks/views/issue_view_hooks.rb
index 0bca9a6d..9e68c304 100644
--- a/lib/redmine_dmsf/hooks/views/issue_view_hooks.rb
+++ b/lib/redmine_dmsf/hooks/views/issue_view_hooks.rb
@@ -208,11 +208,11 @@ module RedmineDmsf
:title => h(dmsf_file.last_revision.try(:tooltip)),
'data-downloadurl' => "#{dmsf_file.last_revision.detect_content_type}:#{h(dmsf_file.name)}:#{file_view_url}")
html << "(#{number_to_human_size(dmsf_file.last_revision.size)})"
- html << " - #{dmsf_file.description}" unless dmsf_file.description.blank?
+ html << " - #{h(dmsf_file.description)}" unless dmsf_file.description.blank?
html << ''
# Author, updated at
html << ''
- html << "#{dmsf_file.last_revision.user}, #{format_time(dmsf_file.last_revision.updated_at)}"
+ html << "#{h(dmsf_file.last_revision.user)}, #{format_time(dmsf_file.last_revision.updated_at)}"
html << ' | '
# Command icons
html << ''
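Review bot: The two lines changed here now escape `description` and `user`, but the `'data-downloadurl'` attribute on the context line above still interpolates `dmsf_file.last_revision.detect_content_type` and `file_view_url` without `h`, while the sibling `h(dmsf_file.name)` in the same string shows the value is expected to be escaped; if `file_view_url` can carry characters derived from the file name, it belongs inside `h(...)` as well, e.g. `:#{h(file_view_url)}")`. The escaped `h(dmsf_file.last_revision.user)` relies on the user object's `to_s`; `h(dmsf_file.last_revision.user.to_s)` would make that explicit. The enclosing method starts outside the hunk, so the later `html_safe` or `raw` that this buffer presumably flows into is not visible here and is worth checking.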