From 3d18177c158acc492e9322677b11c8089df0fbc0 Mon Sep 17 00:00:00 2001
From: Ivan Kohler <ivan@freeside.biz>
Date: Sun, 11 Nov 2012 23:08:47 -0800
Subject: fix XSS

---
 httemplate/misc/xmlhttp-cust_main-duplicates.html | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'httemplate/misc/xmlhttp-cust_main-duplicates.html')

diff --git a/httemplate/misc/xmlhttp-cust_main-duplicates.html b/httemplate/misc/xmlhttp-cust_main-duplicates.html
index 6654b3e39..7ee00af66 100644
--- a/httemplate/misc/xmlhttp-cust_main-duplicates.html
+++ b/httemplate/misc/xmlhttp-cust_main-duplicates.html
@@ -8,9 +8,9 @@ Choose an existing customer
 <TR>
   <TD ALIGN="right" VALIGN="top"><B><% $custnum %>: </B></TD>
   <TD ALIGN="left">
-    <% $_->name %>&mdash;<B><FONT COLOR="#<%$_->statuscolor%>"><%$_->ucfirst_cust_status%></FONT></B><BR>
-<% $_->address1 %><BR>
-<% $_->city %>,&nbsp;<% $_->state %>&nbsp;&nbsp;<% $_->zip %>
+    <% $_->name |h %>&mdash;<B><FONT COLOR="#<%$_->statuscolor%>"><%$_->ucfirst_cust_status%></FONT></B><BR>
+<% $_->address1 |h %><BR>
+<% $_->city |h %>,&nbsp;<% $_->state %>&nbsp;&nbsp;<% $_->zip %>
   </TD>
   <TD ALIGN="center">
     <INPUT TYPE="radio" NAME="dup_custnum" VALUE="<%$custnum%>">
-- 
cgit v1.2.1