diff options
| -rw-r--r-- | lbu-listbackups-html.lsp | 2 | ||||
| -rw-r--r-- | lbu-listchanges-html.lsp | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/lbu-listbackups-html.lsp b/lbu-listbackups-html.lsp index cc6e3d8..a2e80e4 100644 --- a/lbu-listbackups-html.lsp +++ b/lbu-listbackups-html.lsp @@ -24,7 +24,7 @@ No backup files <tr><td> <%= html.link{value="selectbackup?backup="..name, label="Select "} %> </td> - <td><%= name %></td></tr> + <td><%= html.html_escape(name) %></td></tr> <% end end %> </table> diff --git a/lbu-listchanges-html.lsp b/lbu-listchanges-html.lsp index 0733e96..42d6387 100644 --- a/lbu-listchanges-html.lsp +++ b/lbu-listchanges-html.lsp @@ -22,7 +22,7 @@ end %> <H1>Download Overlay</H1> <DL> <DT>Generate and download overlay</DT> - <DD><form action="<%= page_info.script .. page_info.prefix %>lbu/getpackage" method="POST"> + <DD><form action="<%= html.html_escape(page_info.script .. page_info.prefix) %>lbu/getpackage" method="POST"> <input class="submit" type="submit" name="Download" value="Download"></form></DD> </DL> <% end %> @@ -35,7 +35,7 @@ end %> io.write("None") else for i,file in pairs(view.value) do - io.write(file.status .. "\t" .. file.name .. "\n") + io.write(html.html_escape(file.status .. "\t" .. file.name .. "\n")) end end %></pre></DD> |