(parent:
4658140
)
fix XSS
author
Ivan Kohler
<ivan@freeside.biz>
Tue, 18 Jun 2013 22:26:26 +0000
(15:26 -0700)
committer
Ivan Kohler
<ivan@freeside.biz>
Tue, 18 Jun 2013 22:26:26 +0000
(15:26 -0700)
httemplate/view/elements/svc_Common.html
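--- a/httemplate/view/elements/svc_Common.html
+++ b/httemplate/view/elements/svc_Common.html
@@ -63,11 +63,13 @@ function areyousure(href) {
 % if ( ref($f) ) {
 % $field = $f->{'field'};
 % $hack_strict_refs = \&{ $f->{'value'} } if $f->{'value'};
-% $value = $f->{'value'} ? &$hack_strict_refs($svc_x) : $svc_x->$field;
+% $value = $f->{'value'}
+% ? &$hack_strict_refs($svc_x)
+% : encode_entities($svc_x->$field);
 % $type = $f->{'type'} || 'text';
 % } else {
 % $field = $f;
-% $value = $svc_x->$field;
+% $value = encode_entities($svc_x->$field);
 % $type = 'text';
 % }
 %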
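Review bot: The callback branch of the first assignment, `? &$hack_strict_refs($svc_x)`, still puts its result into `$value` unescaped, so the fix covers only the plain `$svc_x->$field` lookups. If `value` callbacks are meant to return markup, that contract should be stated next to the call, for example `% # 'value' callbacks return HTML and must encode any service data themselves`; if they return plain text, the call should be wrapped as `? encode_entities(&$hack_strict_refs($svc_x))`. The point where `$value` is emitted lies outside this hunk, so it is worth confirming that it is not entity-encoded a second time there and that no `$type` expects the raw value.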