summaryrefslogtreecommitdiff
path: root/httemplate
diff options
context:
space:
mode:
authorMitch Jackson <mitch@freeside.biz>2018-10-27 13:01:54 -0400
committerMitch Jackson <mitch@freeside.biz>2018-10-27 13:01:54 -0400
commit0d13c4c4823794e26725303bc730d7f7d59ef4fb (patch)
tree380028d55bcb6d2f87a8da947aa948b023f5e068 /httemplate
parentb3cc8eb7ebeda6877548ba0640f754cf36e099b4 (diff)
RT# 31964 Fix XSS
Diffstat (limited to 'httemplate')
-rw-r--r--httemplate/view/prospect_main.html10
1 files changed, 5 insertions, 5 deletions
diff --git a/httemplate/view/prospect_main.html b/httemplate/view/prospect_main.html
index 504a5a8ec..d6bcbe7ad 100644
--- a/httemplate/view/prospect_main.html
+++ b/httemplate/view/prospect_main.html
@@ -24,18 +24,18 @@
% foreach my $prospect_contact ( $prospect_main->prospect_contact ) {
% my $contact = $prospect_contact->contact;
<TR>
- <TH ALIGN="right" VALIGN="top"><% $prospect_contact->contact_classname %> Contact</TH>
+ <TH ALIGN="right" VALIGN="top"><% $prospect_contact->contact_classname |h %> Contact</TH>
<TD BGCOLOR="#FFFFFF">
- <% $contact->line %><br>
+ <% $contact->line |h %><br>
<table>
% for my $row ( $contact->contact_email ) {
- <tr><th>E-Mail:</th><td><% $row->emailaddress %></td></tr>
+ <tr><th>E-Mail:</th><td><% $row->emailaddress |h %></td></tr>
% }
% for my $row ( $contact->contact_phone ) {
- <tr><th><% $row->phone_type->typename %>:</th><td><% $row->phonenum_pretty %></td></tr>
+ <tr><th><% $row->phone_type->typename |h %>:</th><td><% $row->phonenum_pretty |h %></td></tr>
% }
% if ( $prospect_contact->comment ) {
- <tr><th>Comment:</th><td><% $prospect_contact->comment %></td></tr>
+ <tr><th>Comment:</th><td><% $prospect_contact->comment |h %></td></tr>
% }
</table>
</TD>
generated by cgit v1.2.1 (git 2.18.0) at 2025-06-14 17:43:27 +0000