diff options
| author | Mitch Jackson <mitch@freeside.biz> | 2018-10-27 19:18:40 -0400 |
|---|---|---|
| committer | Mitch Jackson <mitch@freeside.biz> | 2018-10-27 19:18:40 -0400 |
| commit | 8eac87da359ab1ff577c2118566f3976952dd1c3 (patch) | |
| tree | ed5834ee1173162e55f17b7aa5fab2268be1ff50 | |
| parent | 2d2c4981b8b2757afc4c7e70cbf2da02f0f7b4a5 (diff) | |
RT# 31964 Fix XSS
| -rw-r--r-- | httemplate/view/prospect_main.html | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/httemplate/view/prospect_main.html b/httemplate/view/prospect_main.html index f4dd414..f9f22aa 100644 --- a/httemplate/view/prospect_main.html +++ b/httemplate/view/prospect_main.html @@ -24,8 +24,8 @@ % foreach my $prospect_contact ( $prospect_main->prospect_contact ) { % my $contact = $prospect_contact->contact; <TR> - <TH ALIGN="right"><% $prospect_contact->contact_classname %> Contact</TD> - <TD BGCOLOR="#FFFFFF"><% $contact->line %></TD> + <TH ALIGN="right"><% $prospect_contact->contact_classname |h %> Contact</TD> + <TD BGCOLOR="#FFFFFF"><% $contact->line |h %></TD> </TR> %} @@ -55,7 +55,7 @@ <TR> <TH ALIGN="right">Tax status</TD> <TD BGCOLOR="#FFFFFF"> - <B><% $tax_status->taxstatus %>:</B> <% $tax_status->description %> + <B><% $tax_status->taxstatus |h %>:</B> <% $tax_status->description |h %> </TD> </TR> % } |