Escape javascript in output

[rails.git] / app / views / map_bugs / get_bugs.js.erb

diff --git a/app/views/map_bugs/get_bugs.js.erb b/app/views/map_bugs/get_bugs.js.erb
index 0364587df6fa984e94bec45ed57f3cbb52946a47..5bc9aafdaaac453ef94f45dc49673b3dbfef62b6 100644 (file)
--- a/app/views/map_bugs/get_bugs.js.erb
+++ b/app/views/map_bugs/get_bugs.js.erb
@@ -2,6 +2,6 @@
 
 <% else %>
        <% @bugs.each do |bug| %> 
-putAJAXMarker(<%= bug.id.to_s %> , <%= bug.lon.to_s %> , <%= bug.lat.to_s %> , '<%= bug.flatten_comment("<hr />") %>', <%= (bug.status=="open"?"0":"1") %> );
+putAJAXMarker(<%= bug.id.to_s %> , <%= bug.lon.to_s %> , <%= bug.lat.to_s %> , '<%= escape_javascript(bug.flatten_comment("<hr />")) %>', <%= (bug.status=="open"?"0":"1") %> );
     <% end %>
 <% end %>
\ No newline at end of file