From 3c67f77555e636f949588c049c2074c70a1cbe33 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Thu, 15 Jan 2009 21:44:39 +0000
Subject: Modified html.lua and viewlibrary.lua and all html files to
 html_escape variables before displaying them.

git-svn-id: svn://svn.alpinelinux.org/acf/alpine-baselayout/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 modules-edit-html.lsp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'modules-edit-html.lsp')

diff --git a/modules-edit-html.lsp b/modules-edit-html.lsp
index 75c360f..e3c0f8d 100644
--- a/modules-edit-html.lsp
+++ b/modules-edit-html.lsp
@@ -27,8 +27,8 @@ displayitem(form.value.mtime)
 <textarea name="filecontent">
 <%= html.html_escape(form.value.filecontent.value) %>
 </textarea>
-<% if form.value.filecontent.errtxt then %><P CLASS='error'><%= string.gsub(form.value.filecontent.errtxt, "\n", "<BR>") %></P><% end %>
-<% if form.value.filecontent.descr then %><P CLASS='descr'><%= string.gsub(form.value.filecontent.descr, "\n", "<BR>") %></P><% end %>
+<% if form.value.filecontent.errtxt then %><P CLASS='error'><%= string.gsub(html.html_escape(form.value.filecontent.errtxt), "\n", "<BR>") %></P><% end %>
+<% if form.value.filecontent.descr then %><P CLASS='descr'><%= string.gsub(html.html_escape(form.value.filecontent.descr), "\n", "<BR>") %></P><% end %>
 
 <% if form.type == "form" then %>
 <H3>Save</H3>
-- 
cgit v1.2.3