From 94929dd9a9f81ea430f4e8f3a26642466bdd4642 Mon Sep 17 00:00:00 2001 From: Ivan Kohler Date: Tue, 18 Jun 2013 15:25:48 -0700 Subject: [PATCH] fix XSS --- httemplate/view/elements/svc_Common.html | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/httemplate/view/elements/svc_Common.html b/httemplate/view/elements/svc_Common.html index 3c1cc66fa..02484341b 100644 --- a/httemplate/view/elements/svc_Common.html +++ b/httemplate/view/elements/svc_Common.html @@ -70,12 +70,14 @@ function areyousure(href) { % my $hack_strict_refs = \&{ $f->{'value_callback'} }; % $value = &$hack_strict_refs($svc_x); % } else { -% $value = exists($f->{'value'}) ? $f->{'value'} : $svc_x->$field; +% $value = exists($f->{'value'}) +% ? $f->{'value'} +% : encode_entities($svc_x->$field); % } % } else { % $field = $f; % $type = 'text'; -% $value = $svc_x->$field; +% $value = encode_entities($svc_x->$field); % } % % my $columndef = $part_svc->part_svc_column($field); -- 2.20.1