RT#6226: security fix for customer notes

[freeside.git] / httemplate / view / cust_main / notes.html

diff --git a/httemplate/view/cust_main/notes.html b/httemplate/view/cust_main/notes.html
index a6378f4..a39610a 100755 (executable)
--- a/httemplate/view/cust_main/notes.html
+++ b/httemplate/view/cust_main/notes.html
@@ -53,7 +53,7 @@
         &nbsp;<% $note->otaker%>
       </TD>
       <TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
-        &nbsp;<%$note->comments%>
+        &nbsp;<% $note->comments | defang %>
       </TD>
 % if($edit) {
       <TD CLASS="grid" BGCOLOR="<% $bgcolor %>"><% $edit %></TD>
@@ -67,6 +67,8 @@
 % }
 <%init>
 
+use HTML::Defang;
+
 my $conf = new FS::Conf;
 my $curuser = $FS::CurrentUser::CurrentUser;