authorIvan Kohler <ivan@freeside.biz>2013-06-18 15:25:48 -0700
committerIvan Kohler <ivan@freeside.biz>2013-06-18 15:25:48 -0700
commit94929dd9a9f81ea430f4e8f3a26642466bdd4642 (patch)
tree06ccd1aa5d3bcebd4c903864e71e58b19bd380ff /httemplate
parentb1f912afdb22b59e8849cc4db7c6d46a8a49c124 (diff)
fix XSS
Diffstat (limited to 'httemplate')
-rw-r--r--httemplate/view/elements/svc_Common.html6
1 files changed, 4 insertions, 2 deletions
diff --git a/httemplate/view/elements/svc_Common.html b/httemplate/view/elements/svc_Common.html
index 3c1cc66fa..02484341b 100644
--- a/httemplate/view/elements/svc_Common.html
+++ b/httemplate/view/elements/svc_Common.html
@@ -70,12 +70,14 @@ function areyousure(href) {
% my $hack_strict_refs = \&{ $f->{'value_callback'} };
% $value = &$hack_strict_refs($svc_x);
% } else {
-% $value = exists($f->{'value'}) ? $f->{'value'} : $svc_x->$field;
+% $value = exists($f->{'value'})
+% ? $f->{'value'}
+% : encode_entities($svc_x->$field);
% }
% } else {
% $field = $f;
% $type = 'text';
-% $value = $svc_x->$field;
+% $value = encode_entities($svc_x->$field);
% }
%
% my $columndef = $part_svc->part_svc_column($field);
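Review bot: The `value_callback` result (`$value = &$hack_strict_refs($svc_x);`) and an explicit `$f->{'value'}` are still assigned to `$value` unencoded, so whether the output is escaped now depends on which branch produced it, and nothing in the template says so. If those two paths are meant to carry trusted markup, I would record that contract next to them, for example `% # 'value' and 'value_callback' must return HTML-safe text; encode any service data in the caller`. Otherwise, encode once where `$value` is emitted. Encoding at assignment also means any later use of `$value` sees the entity-encoded string, which may matter for type-specific formatting or comparisons. That code is outside this hunk, as are the start and end of the enclosing block, so it is worth checking against the full template.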