From 28de2695cb889d0dc3d1b3425582f069643edcd9 Mon Sep 17 00:00:00 2001
From: Ivan Kohler
Date: Tue, 18 Jun 2013 15:26:26 -0700
Subject: [PATCH] fix XSS

---
 httemplate/view/elements/svc_Common.html | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/httemplate/view/elements/svc_Common.html b/httemplate/view/elements/svc_Common.html
index de01c3d55..2d1201b51 100644
--- a/httemplate/view/elements/svc_Common.html
+++ b/httemplate/view/elements/svc_Common.html
@@ -63,11 +63,13 @@ function areyousure(href) {
 % if ( ref($f) ) {
 % $field = $f->{'field'};
 % $hack_strict_refs = \&{ $f->{'value'} } if $f->{'value'};
-% $value = $f->{'value'} ? &$hack_strict_refs($svc_x) : $svc_x->$field;
+% $value = $f->{'value'}
+% ? &$hack_strict_refs($svc_x)
+% : encode_entities($svc_x->$field);
 % $type = $f->{'type'} || 'text';
 % } else {
 % $field = $f;
-% $value = $svc_x->$field;
+% $value = encode_entities($svc_x->$field);
 % $type = 'text';
 % }
 %
-- 
2.11.0
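Review bot: The callback branch on the new `? &$hack_strict_refs($svc_x)` line still passes its return value through unescaped, so any `value` sub that hands back raw record data remains an HTML-injection path; only the `$svc_x->$field` branch (in both the ref and non-ref arms) is now wrapped in `encode_entities`. If callbacks are meant to return ready-made HTML (links, formatted output), that contract should be written down at the branch, e.g. `# 'value' callbacks must return already-escaped HTML; plain fields are escaped here`, so the next person does not assume both arms are safe; otherwise apply `encode_entities` to both branches uniformly. The place where `$value` is emitted and the start and end of the enclosing field loop lie outside this hunk, so whether the template escapes again downstream (and thus double-encodes) cannot be confirmed from here and is worth checking once.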