From b2101823682f3738f5b367d2c1f2a7c6d47cdad1 Mon Sep 17 00:00:00 2001
From: Ivan Kohler <ivan@freeside.biz>
Date: Sun, 11 Nov 2012 22:20:19 -0800
Subject: fix XSS

---
 httemplate/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'httemplate/index.html')

diff --git a/httemplate/index.html b/httemplate/index.html
index 71926aa4e..bc51e6a52 100644
--- a/httemplate/index.html
+++ b/httemplate/index.html
@@ -46,7 +46,7 @@
 % next unless $cust_main; 
 
     <TR>
-      <TD CLASS="grid" BGCOLOR="<% $bgcolor %>"><A HREF="view/cust_main.cgi?<% $custnum %>"><% $cust_main->display_custnum %>: <% $cust_main->name %></A></TD>
+      <TD CLASS="grid" BGCOLOR="<% $bgcolor %>"><A HREF="view/cust_main.cgi?<% $custnum %>"><% $cust_main->display_custnum %>: <% $cust_main->name |h %></A></TD>
     </TR>
 
 %       if ( $bgcolor eq $bgcolor1 ) {
-- 
cgit v1.2.1