diff options
| author | Ivan Kohler <ivan@freeside.biz> | 2012-11-11 23:08:50 -0800 |
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2012-11-11 23:08:50 -0800 |
| commit | acbc4a9ff91b668197012772172af24b9cc42df6 (patch) | |
| tree | dac458ec6fc08d322aefdc96b8decfc3634b5839 /httemplate/misc/xmlhttp-cust_main-duplicates.html | |
| parent | 1b0e3600f2004f0977c9906b3f7db56f3ca80f5d (diff) | |
fix XSS
Diffstat (limited to 'httemplate/misc/xmlhttp-cust_main-duplicates.html')
| -rw-r--r-- | httemplate/misc/xmlhttp-cust_main-duplicates.html | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/httemplate/misc/xmlhttp-cust_main-duplicates.html b/httemplate/misc/xmlhttp-cust_main-duplicates.html index 6654b3e39..7ee00af66 100644 --- a/httemplate/misc/xmlhttp-cust_main-duplicates.html +++ b/httemplate/misc/xmlhttp-cust_main-duplicates.html @@ -8,9 +8,9 @@ Choose an existing customer <TR> <TD ALIGN="right" VALIGN="top"><B><% $custnum %>: </B></TD> <TD ALIGN="left"> - <% $_->name %>—<B><FONT COLOR="#<%$_->statuscolor%>"><%$_->ucfirst_cust_status%></FONT></B><BR> -<% $_->address1 %><BR> -<% $_->city %>, <% $_->state %> <% $_->zip %> + <% $_->name |h %>—<B><FONT COLOR="#<%$_->statuscolor%>"><%$_->ucfirst_cust_status%></FONT></B><BR> +<% $_->address1 |h %><BR> +<% $_->city |h %>, <% $_->state %> <% $_->zip %> </TD> <TD ALIGN="center"> <INPUT TYPE="radio" NAME="dup_custnum" VALUE="<%$custnum%>"> |