diff options
| author | Ivan Kohler <ivan@freeside.biz> | 2012-11-11 23:08:47 -0800 |
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2012-11-11 23:08:47 -0800 |
| commit | 3d18177c158acc492e9322677b11c8089df0fbc0 (patch) | |
| tree | 35aa13c4c6da9181fa2e987d3619132773d047d4 /httemplate/misc/xmlhttp-cust_main-duplicates.html | |
| parent | 4ee7d66497689819f80f29795b93f0ba564141e7 (diff) | |
fix XSS
Diffstat (limited to 'httemplate/misc/xmlhttp-cust_main-duplicates.html')
| -rw-r--r-- | httemplate/misc/xmlhttp-cust_main-duplicates.html | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/httemplate/misc/xmlhttp-cust_main-duplicates.html b/httemplate/misc/xmlhttp-cust_main-duplicates.html index 6654b3e39..7ee00af66 100644 --- a/httemplate/misc/xmlhttp-cust_main-duplicates.html +++ b/httemplate/misc/xmlhttp-cust_main-duplicates.html @@ -8,9 +8,9 @@ Choose an existing customer <TR> <TD ALIGN="right" VALIGN="top"><B><% $custnum %>: </B></TD> <TD ALIGN="left"> - <% $_->name %>—<B><FONT COLOR="#<%$_->statuscolor%>"><%$_->ucfirst_cust_status%></FONT></B><BR> -<% $_->address1 %><BR> -<% $_->city %>, <% $_->state %> <% $_->zip %> + <% $_->name |h %>—<B><FONT COLOR="#<%$_->statuscolor%>"><%$_->ucfirst_cust_status%></FONT></B><BR> +<% $_->address1 |h %><BR> +<% $_->city |h %>, <% $_->state %> <% $_->zip %> </TD> <TD ALIGN="center"> <INPUT TYPE="radio" NAME="dup_custnum" VALUE="<%$custnum%>"> |