Diffstat (limited to 'app/acf-util/roles-viewroles-html.lsp')
-rw-r--r--app/acf-util/roles-viewroles-html.lsp18
1 files changed, 9 insertions, 9 deletions
diff --git a/app/acf-util/roles-viewroles-html.lsp b/app/acf-util/roles-viewroles-html.lsp
index 0334499..46fdfc2 100644
--- a/app/acf-util/roles-viewroles-html.lsp
+++ b/app/acf-util/roles-viewroles-html.lsp
@@ -9,8 +9,8 @@
<H1>Roles</H1>
<H2>Create new role</H2>
-<form action="<%= page_info.script .. page_info.prefix .. page_info.controller %>/newrole" method="POST">
-<input class="hidden" type="hidden" name="redir" value="<%= page_info.orig_action %>" >
+<form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller) %>/newrole" method="POST">
+<input class="hidden" type="hidden" name="redir" value="<%= html.html_escape(page_info.orig_action) %>" >
<dl><dt></dt><dd><input class="submit" type="submit" value="New Role"></dd></dl>
</form>
@@ -18,10 +18,10 @@
<% if view.value.default_roles then %>
<dl>
<% for x,role in pairs(view.value.default_roles.value) do %>
- <dt><img src='/skins/static/tango/16x16/categories/applications-system.png' height='16' width='16'> <%= role %></dt>
+ <dt><img src='/skins/static/tango/16x16/categories/applications-system.png' height='16' width='16'> <%= html.html_escape(role) %></dt>
<dd>
- [<a href='viewroleperms?role=<%= role %>'>View this role</a>]
- [<a href='editrole?role=<%= role %>&redir=<%= page_info.orig_action %>'>Edit this role</a>]
+ [<a href='viewroleperms?role=<%= html.html_escape(role) %>'>View this role</a>]
+ [<a href='editrole?role=<%= html.html_escape(role) %>&redir=<%= html.html_escape(page_info.orig_action) %>'>Edit this role</a>]
</dd>
<% end %>
</dl>
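Review bot: HTML-escaping alone does not make `role` safe as a query-string value in the hrefs on lines 32–33 (the same applies to lines 47–49 in the following hunk): the browser decodes the entities before it interprets the URL, so `&amp;` becomes `&` again and a role name containing `&`, `#`, `?` or a space still changes which parameters the target action receives. Percent-encode the value for the URL first and HTML-escape the result, e.g. `role=<%= html.html_escape(<URL_ENCODE_HELPER>(role)) %>` where `<URL_ENCODE_HELPER>` is whichever URL-encoding function this html library provides; if there is none, a small local encoder in the template's Lua block would do. Please also confirm that `html.html_escape` replaces the single quote, since these attributes are delimited with `'` rather than `"`; if it only handles `&`, `<`, `>` and `"`, the attribute can still be terminated early. As a style point, the literal separator in line 33 should be written `&amp;redir=` so the attribute is well-formed HTML.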
@@ -30,11 +30,11 @@
<dl>
<% table.sort(view.value.defined_roles.value) %>
<% for x,role in pairs(view.value.defined_roles.value) do %>
- <dt><img src='/skins/static/tango/16x16/apps/system-users.png' height='16' width='16'> <%= role %></dt>
+ <dt><img src='/skins/static/tango/16x16/apps/system-users.png' height='16' width='16'> <%= html.html_escape(role) %></dt>
<dd>
- [<a href='viewroleperms?role=<%= role %>'>View this role</a>]
- [<a href='editrole?role=<%= role %>&redir=<%= page_info.orig_action %>'>Edit this role</a>]
- [<a href='deleterole?role=<%= role %>'>Delete this role</a>]
+ [<a href='viewroleperms?role=<%= html.html_escape(role) %>'>View this role</a>]
+ [<a href='editrole?role=<%= html.html_escape(role) %>&redir=<%= html.html_escape(page_info.orig_action) %>'>Edit this role</a>]
+ [<a href='deleterole?role=<%= html.html_escape(role) %>'>Delete this role</a>]
</dd>
<% end %>
</dl>