From: Mitch Jackson <mitch@freeside.biz>
Date: Sat, 27 Oct 2018 23:18:40 +0000 (-0400)
Subject: RT# 31964 Fix XSS
X-Git-Url: http://git.freeside.biz/gitweb/?a=commitdiff_plain;h=8eac87da359ab1ff577c2118566f3976952dd1c3;p=freeside.git

RT# 31964 Fix XSS
---

diff --git a/httemplate/view/prospect_main.html b/httemplate/view/prospect_main.html
index f4dd4146f..f9f22aaac 100644
--- a/httemplate/view/prospect_main.html
+++ b/httemplate/view/prospect_main.html
@@ -24,8 +24,8 @@
 % foreach my $prospect_contact ( $prospect_main->prospect_contact ) {
 %   my $contact = $prospect_contact->contact;
     <TR>
-      <TH ALIGN="right"><% $prospect_contact->contact_classname %> Contact</TD>
-      <TD BGCOLOR="#FFFFFF"><% $contact->line %></TD>
+      <TH ALIGN="right"><% $prospect_contact->contact_classname |h %> Contact</TD>
+      <TD BGCOLOR="#FFFFFF"><% $contact->line |h %></TD>
     </TR>
 %}
 
@@ -55,7 +55,7 @@
   <TR>
     <TH ALIGN="right">Tax status</TD>
     <TD BGCOLOR="#FFFFFF">
-      <B><% $tax_status->taxstatus %>:</B> <% $tax_status->description %>
+      <B><% $tax_status->taxstatus |h %>:</B> <% $tax_status->description |h %>
     </TD>
   </TR>
 % }