From de1f3ef204d75ae89d81e7f7177ac1b740c6abc7 Mon Sep 17 00:00:00 2001
From: Ivan Kohler <ivan@freeside.biz>
Date: Thu, 28 Mar 2013 17:49:41 -0700
Subject: [PATCH] fix XSS

---
 httemplate/search/cust_main.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/httemplate/search/cust_main.cgi b/httemplate/search/cust_main.cgi
index 450412160..224166b70 100755
--- a/httemplate/search/cust_main.cgi
+++ b/httemplate/search/cust_main.cgi
@@ -268,7 +268,7 @@
 %      my $pkg_rowspan = shift @pkg_rowspans;
 
         <% $n1 %><TD CLASS="grid" BGCOLOR="<% $bgcolor %>"  ROWSPAN="<% $pkg_rowspan%>">
-            <A HREF="<% $pkgview %>"><FONT SIZE=-1><% $pkg_comment %></FONT></A>
+            <A HREF="<% $pkgview %>"><FONT SIZE=-1><% $pkg_comment |h %></FONT></A>
         </TD>
 
 %       my $n2 = '';
-- 
2.20.1