xss

diff --git a/httemplate/search/quotation.html b/httemplate/search/quotation.html
index 2eba71c..16affeb 100755 (executable)
--- a/httemplate/search/quotation.html
+++ b/httemplate/search/quotation.html
@@ -27,7 +27,7 @@
                          $prospect_main ? $prospect_main->name : '';
                        },
                    sub { my $cust_main = shift->cust_main;
-                         $cust_main ? $cust_main->name : '';
+                         $cust_main ? encode_entities($cust_main->name) : '';
                        },
                    'confidence',
                    sub { my $quot = shift;