From 8eac87da359ab1ff577c2118566f3976952dd1c3 Mon Sep 17 00:00:00 2001
From: Mitch Jackson <mitch@freeside.biz>
Date: Sat, 27 Oct 2018 19:18:40 -0400
Subject: RT# 31964 Fix XSS

---
 httemplate/view/prospect_main.html | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/httemplate/view/prospect_main.html b/httemplate/view/prospect_main.html
index f4dd414..f9f22aa 100644
--- a/httemplate/view/prospect_main.html
+++ b/httemplate/view/prospect_main.html
@@ -24,8 +24,8 @@
 % foreach my $prospect_contact ( $prospect_main->prospect_contact ) {
 %   my $contact = $prospect_contact->contact;
     <TR>
-      <TH ALIGN="right"><% $prospect_contact->contact_classname %> Contact</TD>
-      <TD BGCOLOR="#FFFFFF"><% $contact->line %></TD>
+      <TH ALIGN="right"><% $prospect_contact->contact_classname |h %> Contact</TD>
+      <TD BGCOLOR="#FFFFFF"><% $contact->line |h %></TD>
     </TR>
 %}
 
@@ -55,7 +55,7 @@
   <TR>
     <TH ALIGN="right">Tax status</TD>
     <TD BGCOLOR="#FFFFFF">
-      <B><% $tax_status->taxstatus %>:</B> <% $tax_status->description %>
+      <B><% $tax_status->taxstatus |h %>:</B> <% $tax_status->description |h %>
     </TD>
   </TR>
 % }
-- 
cgit v1.1