Diffstat (limited to 'gnats-queryresult-html.lsp')
-rw-r--r-- | gnats-queryresult-html.lsp | 50 |
1 files changed, 25 insertions, 25 deletions
diff --git a/gnats-queryresult-html.lsp b/gnats-queryresult-html.lsp
index b6b76bb..628043a 100644
--- a/gnats-queryresult-html.lsp
+++ b/gnats-queryresult-html.lsp
@@ -19,34 +19,34 @@ function displayinfo(myform,tags,viewtype) val.class = "error" io.write(" class='error'") end - io.write(">" .. val.label .. "</DT>") + io.write(">" .. html.html_escape(val.label) .. "</DT>") io.write("\n\t\t<DD>") if (viewtype == "viewonly") then - if not (val.value) or (val.value == "") then val.value = " " end - io.write(val.value) + if not (val.value) or (val.value == "") then val.value = " " end + io.write(html.html_escape(val.value)) elseif (val.type == "radio") and (type(val.option) == "table") and (#val.option > 0) then - io.write("<span style='display:inline' class='" .. ( val.class or "") .. "'>") + io.write("<span style='display:inline' class='" .. html.html_escape(val.class) .. "'>") for k1,v1 in pairs(val.option) do - io.write("\n\t\t\t"..tostring(v1) .. ":") - io.write("<input style='margin-right:20px;margin-left:5px;' type='radio' class='" .. ( val.class or "") .. "' name='" .. val.name .. "'") + io.write("\n\t\t\t"..html.html_escape(tostring(v1)) .. ":") + io.write("<input style='margin-right:20px;margin-left:5px;' type='radio' class='" .. html.html_escape(val.class) .. "' name='" .. html.html_escape(val.name) .. "'") if (tostring(val.value) == tostring(v1)) then io.write(" checked='yes'") end - io.write(" value='" .. v1 .. "'>") + io.write(" value='" .. html.html_escape(v1) .. "'>") end io.write("\n\t\t\t</input></span>") else io.write(html.form[val.type](val)) end - if (val.descr) and (#val.descr > 0) then io.write("\n\t\t<P CLASS='descr'>" .. string.gsub(val.descr, "\n", "<BR>") .. "</P>") end - if (val.errtxt) then io.write("\n\t\t<P CLASS='error'>" .. string.gsub(val.errtxt, "\n", "<BR>") .. "</P>") end + if (val.descr) and (#val.descr > 0) then io.write("\n\t\t<P CLASS='descr'>" .. string.gsub(html.html_escape(val.descr), "\n", "<BR>") .. "</P>") end + if (val.errtxt) then io.write("\n\t\t<P CLASS='error'>" .. string.gsub(html.html_escape(val.errtxt), "\n", "<BR>") .. 
"</P>") end io.write("\n\t\t</DD>\n") end end end %> -<H1><% io.write(form["query"]["sfields"]["category"]["value"] .. "/") -io.write(form["query"]["sfields"]["number"]["value"] .. ": " ) -io.write(form["query"]["sfields"]["synopsis"]["value"] or form["query"]["header"]["subject"]["value"] or "Qurery object")%></H1> +<H1><% io.write(html.html_escape(form["query"]["sfields"]["category"]["value"] .. "/")) +io.write(html.html_escape(form["query"]["sfields"]["number"]["value"] .. ": " )) +io.write(html.html_escape(form["query"]["sfields"]["synopsis"]["value"] or form["query"]["header"]["subject"]["value"] or "Qurery object"))%></H1> <DL> <% @@ -71,9 +71,9 @@ local tags = {"environment", "description", "how_to_repeat", "fix", } for k,v in pairs(tags) do local myform=myform[v] %> -<H2><% io.write(myform.label) %></H2> +<H2><%= html.html_escape(myform.label) %></H2> <DL> -<PRE><% io.write(myform.value) %></PRE> +<PRE><%= html.html_escape(myform.value) %></PRE> </DL> <% end %> @@ -90,16 +90,16 @@ table {margin:10px;margin-top:5px;border:1px solid #aaa;background:#eee;} <% local myform = form.query["mfields"]["audit_trail"] %> -<H2><% io.write(myform.label) %></H2> +<H2><%= html.html_escape(myform.label) %></H2> <DL> <% for k,v in pairs(myform.option) do io.write("\n<TABLE STYLE='width:98%;'>") if (#v.label > 0) then - io.write("<TR CLASS='" .. (v.class or "") .. "'><TD COLSPAN=2 CLASS='Header'>" .. (v.label or "Uknown") .. "</TD></TR>") + io.write("<TR CLASS='" .. html.html_escape(v.class) .. "'><TD COLSPAN=2 CLASS='Header'>" .. html.html_escape(v.label or "Uknown") .. "</TD></TR>") end for i=1,#v do - io.write("<TR><TD WIDTH='100%'><PRE>" .. (v[i] or "Uknown") .. "</PRE></TD></TR>") + io.write("<TR><TD WIDTH='100%'><PRE>" .. html.html_escape(v[i] or "Uknown") .. "</PRE></TD></TR>") end io.write("\n</TABLE>") end 
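Review bot: In the `@@ -19,34` hunk the escaped `class`, `name` and `value` strings are written inside single-quoted attributes, so the fix only holds if `html.html_escape` encodes `'` and `"` as well as `&`, `<` and `>`; that helper is not visible on this page and should be confirmed. The `else` branch still emits `html.form[val.type](val)` without escaping in this template, which presumably relies on the html library escaping its own output. I would record both assumptions in a comment above the radio branch, e.g. `-- attribute values are single-quoted: html_escape must encode quotes; html.form[...] escapes its own output`. displayinfo starts before this hunk.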
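Review bot: In the `@@ -90,16` hunk (audit trail) `#v.label` is evaluated before the `v.label or "Uknown"` fallback, so an entry with no label raises a Lua error instead of rendering, and the fallback can never be reached. Guard the length test with `if v.label and (#v.label > 0) then`. Dropping `(v.class or "")` also makes the `<TR CLASS=…>` line depend on `html.html_escape` accepting nil, which this page does not show.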
@@ -112,9 +112,9 @@ local tags = {"unformatted", } for k,v in pairs(tags) do local myform=myform[v] %> -<H2><% io.write(myform.label) %></H2> +<H2><%= html.html_escape(myform.label) %></H2> <DL> -<PRE><% io.write(myform.value) %></PRE> +<PRE><%= html.html_escape(myform.value) %></PRE> </DL> <% end %> @@ -176,12 +176,12 @@ DL { padding-top: 5px; } <% for k,v in pairs(form.summary) do %> - <tr class='<% io.write(string.sub(v.state,1,1)) %>'> - <td width='30px'><A HREF='queryresult?pr=<% io.write(v.number) %>' STYLE='font-weight:bold;'><% io.write(v.number or "") %></A></td> - <td width='15px'><% io.write(string.sub(v.state,1,1) or "") %></td> - <td width='80px'><% io.write(v.submit_date or "") %></td> - <td width='80px'><% io.write(v.severity or "")%></td> - <td style='white-space:normal;word-wrap:break-word'><% io.write(v.synopsis) %></td> + <tr class='<%= html.html_escape(string.sub(v.state,1,1)) %>'> + <td width='30px'><A HREF='queryresult?pr=<%= html.html_escape(v.number) %>' STYLE='font-weight:bold;'><%= html.html_escape(v.number) %></A></td> + <td width='15px'><%= html.html_escape(string.sub(v.state,1,1)) %></td> + <td width='80px'><%= html.html_escape(v.submit_date) %></td> + <td width='80px'><%= html.html_escape(v.severity) %></td> + <td style='white-space:normal;word-wrap:break-word'><%= html.html_escape(v.synopsis) %></td> </tr> <% end %> |
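Review bot: In the `@@ -176,12` hunk the `pr=` value in `HREF='queryresult?pr=…'` is HTML-escaped but not URL-encoded. The browser decodes `&amp;` back to `&` before it builds the request, so a number field containing `&`, `#` or `=` can still change the query string. Encode for the URL first and for HTML second, e.g. `<%= html.html_escape(html.url_encode(v.number)) %>`, if this ACF version provides `html.url_encode`. Separately, `string.sub(v.state,1,1)` still errors when `v.state` is nil; `string.sub(v.state or "",1,1)` keeps the row rendering.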