Diffstat (limited to 'rc-status-html.lsp')
-rw-r--r-- | rc-status-html.lsp | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/rc-status-html.lsp b/rc-status-html.lsp index 3272af0..a234798 100644 --- a/rc-status-html.lsp +++ b/rc-status-html.lsp @@ -3,15 +3,15 @@ <% if session.editresult then %> <H1>Command Result</H1> - <% if session.editresult.errtxt then io.write('<P CLASS="error">' .. string.gsub(session.editresult.errtxt, "\n", "<BR>") .. "</P>\n") end - if session.editresult.descr then io.write('<P CLASS="descr">' .. string.gsub(session.editresult.descr, "\n", "<BR>") .. "</P>\n") end + <% if session.editresult.errtxt then io.write('<P CLASS="error">' .. string.gsub(html.html_escape(session.editresult.errtxt), "\n", "<BR>") .. "</P>\n") end + if session.editresult.descr then io.write('<P CLASS="descr">' .. string.gsub(html.html_escape(session.editresult.descr), "\n", "<BR>") .. "</P>\n") end for name,val in pairs(session.editresult.value) do - if val.errtxt then io.write('<P CLASS="error">' .. string.gsub(val.errtxt, "\n", "<BR>") .. "</P>\n") end + if val.errtxt then io.write('<P CLASS="error">' .. string.gsub(html.html_escape(val.errtxt), "\n", "<BR>") .. "</P>\n") end end session.editresult = nil end %> -<H1><%= view.label %></H1> +<H1><%= html.html_escape(view.label) %></H1> <TABLE> <TR> <% if session.permissions.rc.edit then %> 
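Review bot: The three `io.write` calls for `errtxt` and `descr` repeat the same escape-then-`<BR>` expression, and only the order of the two steps keeps the output safe. `html.html_escape` has to run before the newline substitution, so that the `<BR>` tags are the only markup that reaches the page. A single local helper would fix that order in one place, for example `local function esc_br(s) return (string.gsub(html.html_escape(s), "\n", "<BR>")) end`, with a comment saying the escape must come first. The definition of `html.html_escape` is not part of this diff, so it is worth confirming that it tolerates a nil `view.label` in the `<H1>` line.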
@@ -28,14 +28,14 @@ for i,item in ipairs(view.value) do %> for name,val in pairs(result.value) do val.name=name end if result.value.kill.value then result.value.kill.checked = "" end if result.value.system.value then result.value.system.checked = "" end %> - <form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/edit" %>" method="POST"> - <TD><input class="submit" type="submit" name="<%= result.option %>" value="<%= result.submit or result.option %>"></TD> - <TD><%= item.servicename %><%= html.form.hidden(result.value.servicename) %></TD><TD><%= html.form.text(result.value.sequence) %></TD> + <form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/edit") %>" method="POST"> + <TD><input class="submit" type="submit" name="<%= html.html_escape(result.option) %>" value="<%= html.html_escape(result.submit or result.option) %>"></TD> + <TD><%= html.html_escape(item.servicename) %><%= html.form.hidden(result.value.servicename) %></TD><TD><%= html.form.text(result.value.sequence) %></TD> <TD><%= html.form.checkbox(result.value.kill) %></TD><TD><%= html.form.checkbox(result.value.system) %></TD> </form></TR> <% else %> - <TD><%= item.servicename %></TD><TD><%= item.sequence %></TD> - <TD><%= item.kill %></TD><TD><%= item.system %></TD></TR> + <TD><%= html.html_escape(item.servicename) %></TD><TD><%= html.html_escape(item.sequence) %></TD> + <TD><%= html.html_escape(item.kill) %></TD><TD><%= html.html_escape(item.system) %></TD></TR> <% end %> <% end %> </TABLE> |
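Review bot: The `action`, `name` and `value` expressions on the `<form>` and submit `<input>` lines now sit inside double-quoted attributes, so they are safe only if `html.html_escape` also encodes `"`. Its definition is not visible here and should be checked, because an escaper limited to `&`, `<` and `>` would still let a quote in `result.option` or `result.submit` close the attribute. In the read-only branch, `item.sequence`, `item.kill` and `item.system` may not be strings. If the helper passes its argument straight to a string function, a boolean or nil there would raise an error, so `html.html_escape(tostring(item.kill))` is the safer form unless the helper already converts. The enclosing `for i,item` loop starts above the hunk.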