From 0f21021fea8f99d28b4507c3cffa55cbdd6f110d Mon Sep 17 00:00:00 2001
From: Ivan Kohler
Date: Fri, 7 Jun 2013 23:41:52 -0700
Subject: [PATCH] fix XSS
---
 httemplate/elements/search-cust_main.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/httemplate/elements/search-cust_main.html b/httemplate/elements/search-cust_main.html
index e8c645eca..ba6a479a6 100644
--- a/httemplate/elements/search-cust_main.html
+++ b/httemplate/elements/search-cust_main.html
@@ -19,7 +19,7 @@ Example:
 NAME = "<% $field %>_search"
 ID = "<% $field %>_search"
 SIZE = "32"
- VALUE="<% $cust_main ? $cust_main->name : '(cust #, name or company)' %>"
+ VALUE="<% $cust_main ? $cust_main->name : '(cust #, name or company)' |h %>"
 onFocus="clearhint_<% $field %>_search(this);"
 onClick="clearhint_<% $field %>_search(this);"
 onChange="smart_<% $field %>_search(this);"
-- 
2.11.0
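Review bot: The `<% $field %>` substitutions on the context lines around the fixed `VALUE` (in `NAME`, `ID` and the `onFocus`/`onClick`/`onChange` handlers) are still emitted without any escape flag. Where `$field` is set is outside this hunk, so it may be a caller-supplied constant; if it can ever carry request data, the attribute values need `|h` as well, e.g. `NAME = "<% $field |h %>_search"`. HTML escaping alone does not make it safe inside the handler names such as `clearhint_<% $field %>_search(this)`, so the component should also restrict it to identifier characters, e.g. `die "illegal field name" unless $field =~ /^\w+$/;` in its init section. The enclosing tag starts and ends outside the hunk.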