diff options
| author | Ivan Kohler <ivan@freeside.biz> | 2013-02-17 15:23:56 -0800 |
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2013-02-17 15:23:56 -0800 |
| commit | 0da59a28d129728c18481ca80e8841585b69dd0c (patch) | |
| tree | fc2433bd8de1fd68a8d35bab19c5a15ce3cbd9ef | |
| parent | c13c6407510f6fd1783ce0fbd97800afa27c30b5 (diff) | |
fix low-impact XSS
| -rwxr-xr-x | httemplate/edit/REAL_cust_pkg.cgi | 2 | ||||
| -rw-r--r-- | httemplate/edit/cust_pkg_detail.html | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/httemplate/edit/REAL_cust_pkg.cgi b/httemplate/edit/REAL_cust_pkg.cgi index 4bcf55c44..99e911ae5 100755 --- a/httemplate/edit/REAL_cust_pkg.cgi +++ b/httemplate/edit/REAL_cust_pkg.cgi @@ -70,7 +70,7 @@ function confirm_changes() { <TR> <TD ALIGN="right">Comment</TD> - <TD BGCOLOR="#ffffff"><% $part_pkg->comment %></TD> + <TD BGCOLOR="#ffffff"><% $part_pkg->comment |h %></TD> </TR> <TR> diff --git a/httemplate/edit/cust_pkg_detail.html b/httemplate/edit/cust_pkg_detail.html index 009ed5c6e..5e107066d 100644 --- a/httemplate/edit/cust_pkg_detail.html +++ b/httemplate/edit/cust_pkg_detail.html @@ -28,7 +28,7 @@ <TR> <TD ALIGN="right">Comment</TD> - <TD BGCOLOR="#ffffff"><% $part_pkg->comment %></TD> + <TD BGCOLOR="#ffffff"><% $part_pkg->comment |h %></TD> </TR> <TR> |