Add a few more escape calls to prevent nasty HTML being rendered. Also

[rails.git] / app / views / message / _message_summary.rhtml

diff --git a/app/views/message/_message_summary.rhtml b/app/views/message/_message_summary.rhtml
index 81e21454fac49ecf97c4c78f15da28b863fe2bd0..d1604e9b5425193b4f8d62186128f2d794a4b9a5 100644 (file)
--- a/app/views/message/_message_summary.rhtml
+++ b/app/views/message/_message_summary.rhtml
@@ -1,13 +1,9 @@
+<% this_colour = cycle('lightgrey', 'white') # can only call once for some dumb reason %>
+
 <tr class="inbox-row<%= "-unread" if not message_summary.message_read? %>">
-  <td class="inbox-sender"><%= link_to message_summary.sender.display_name , :controller => 'user', :action => message_summary.sender.display_name %></td>
-  <td class="inbox-subject">
-    <% if message_summary.title.nil? or message_summary.title == '' %>
-      <%= link_to '(no subject)' , :controller => 'message', :action => 'read', :message_id => message_summary.id  %>
-    <% else %>
-      <%= link_to  message_summary.title , :controller => 'message', :action => 'read', :message_id => message_summary.id  %>
-    <% end %>
-  </td>
-  <td class="inbox-sent"><%= message_summary.sent_on %></td>
+  <td class="inbox-sender" bgcolor='<%= this_colour %>'><%= link_to message_summary.sender.display_name , :controller => 'user', :action => message_summary.sender.display_name %></td>
+  <td class="inbox-subject" bgcolor='<%= this_colour %>'><%= link_to  h(message_summary.title) , :controller => 'message', :action => 'read', :message_id => message_summary.id  %></td>
+  <td class="inbox-sent" bgcolor='<%= this_colour %>'><%= message_summary.sent_on %></td>
   <% if message_summary.message_read? %>
     <td><%= button_to 'Mark as unread', :controller => 'message', :action => 'mark', :message_id => message_summary.id, :mark => 'unread' %></td>
   <% else %>