From a1072e0007fbc13931d2d592e3bf4136cbab54e7 Mon Sep 17 00:00:00 2001
From: Reinier Balt <lrbalt@gmail.com>
Date: Fri, 4 Jul 2008 14:04:33 +0200
Subject: [PATCH] fix for #740 as discussed on mailing list

---
 app/views/todos/_todo.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/todos/_todo.html.erb b/app/views/todos/_todo.html.erb
index 30090ab4..d4df682f 100644
--- a/app/views/todos/_todo.html.erb
+++ b/app/views/todos/_todo.html.erb
@@ -12,7 +12,7 @@
     <%= remote_toggle_checkbox unless source_view_is :deferred %>
     <div class="description<%= staleness_class( todo ) %>">
       <%= date_span -%>
-      <span class="todo.descr"><%= sanitize(todo.description) %></span>
+      <span class="todo.descr"><%= h sanitize(todo.description) %></span>
       <%= tag_list %>
       <%= deferred_due_date %>
       <%= project_and_context_links( parent_container_type, :suppress_context => suppress_context, :suppress_project => suppress_project ) %>