Diffstat (limited to 'gnats-query-html.lsp')
-rw-r--r--gnats-query-html.lsp18
1 files changed, 9 insertions, 9 deletions
diff --git a/gnats-query-html.lsp b/gnats-query-html.lsp
index 98e1bf6..f955df1 100644
--- a/gnats-query-html.lsp
+++ b/gnats-query-html.lsp
@@ -35,25 +35,25 @@ function displayinfo(myform,tags,viewtype)
val.class = "error"
io.write(" class='error'")
end
- io.write(">" .. val.label .. "</DT>")
+ io.write(">" .. html.html_escape(val.label) .. "</DT>")
io.write("\n\t\t<DD>")
if (viewtype == "viewonly") then
- if (val.value == "") then val.value = "&nbsp;" end
- io.write(val.value)
+ if (val.value == "") then val.value = " " end
+ io.write(html.html_escape(val.value))
elseif (val.type == "radio") and (type(val.option) == "table") and (#val.option > 0) then
- io.write("<span style='display:inline' class='" .. ( val.class or "") .. "'>")
+ io.write("<span style='display:inline' class='" .. html.html_escape(val.class) .. "'>")
for k1,v1 in pairs(val.option) do
- io.write("\n\t\t\t"..tostring(v1) .. ":")
- io.write("<input style='margin-right:20px;margin-left:5px;' type='radio' class='" .. ( val.class or "") .. "' name='" .. val.name .. "'")
+ io.write("\n\t\t\t"..html.html_escape(tostring(v1)) .. ":")
+ io.write("<input style='margin-right:20px;margin-left:5px;' type='radio' class='" .. html.html_escape(val.class) .. "' name='" .. html.html_escape(val.name) .. "'")
if (tostring(val.value) == tostring(v1)) then io.write(" checked='yes'") end
- io.write(" value='" .. v1 .. "'>")
+ io.write(" value='" .. html.html_escape(v1) .. "'>")
end
io.write("\n\t\t\t</input></span>")
else
io.write(html.form[val.type](val))
end
- if (val.descr) and (#val.descr > 0) then io.write("\n\t\t<P CLASS='descr'>" .. string.gsub(val.descr, "\n", "<BR>") .. "</P>") end
- if (val.errtxt) then io.write("\n\t\t<P CLASS='error'>" .. string.gsub(val.errtxt, "\n", "<BR>") .. "</P>") end
+ if (val.descr) and (#val.descr > 0) then io.write("\n\t\t<P CLASS='descr'>" .. string.gsub(html.html_escape(val.descr), "\n", "<BR>") .. "</P>") end
+ if (val.errtxt) then io.write("\n\t\t<P CLASS='error'>" .. string.gsub(html.html_escape(val.errtxt), "\n", "<BR>") .. "</P>") end
io.write("\n\t\t</DD>\n")
end
end
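Review bot: The escaped values written into `class='…'`, `name='…'` and `value='…'` in the radio branch sit inside single-quoted attributes, so the escaping only closes the injection path if `html.html_escape` also encodes `'` (and ideally `"`); its definition is not in this hunk and should be checked. If it covers only `&`, `<` and `>`, a value containing a single quote can still terminate the attribute and introduce its own. The value attribute also passes `v1` without `tostring`, unlike the label written just before it; `io.write(" value='" .. html.html_escape(tostring(v1)) .. "'>")` would keep the two consistent for non-string options. `displayinfo` starts before this hunk, and `html.form[val.type](val)` in the else branch is unchanged, so escaping on that path depends on helpers not shown here.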