From 82bba5703c4c02d30b6c0a3c1fa7d5f692147882 Mon Sep 17 00:00:00 2001
From: Ted Trask
Date: Thu, 15 Jan 2009 21:44:39 +0000
Subject: Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/gnats/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 gnats-query-html.lsp | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
(limited to 'gnats-query-html.lsp')
diff --git a/gnats-query-html.lsp b/gnats-query-html.lsp
index 98e1bf6..f955df1 100644
--- a/gnats-query-html.lsp
+++ b/gnats-query-html.lsp
@@ -35,25 +35,25 @@ function displayinfo(myform,tags,viewtype)
 val.class = "error"
 io.write(" class='error'")
 end
- io.write(">" .. val.label .. "")
+ io.write(">" .. html.html_escape(val.label) .. "")
 io.write("\n\t\t
") if (viewtype == "viewonly") then - if (val.value == "") then val.value = " " end - io.write(val.value) + if (val.value == "") then val.value = " " end + io.write(html.html_escape(val.value)) elseif (val.type == "radio") and (type(val.option) == "table") and (#val.option > 0) then - io.write("") + io.write("") for k1,v1 in pairs(val.option) do - io.write("\n\t\t\t"..tostring(v1) .. ":") - io.write("") + io.write(" value='" .. html.html_escape(v1) .. "'>") end io.write("\n\t\t\t") else io.write(html.form[val.type](val)) end - if (val.descr) and (#val.descr > 0) then io.write("\n\t\t

" .. string.gsub(val.descr, "\n", "
") .. "

") end - if (val.errtxt) then io.write("\n\t\t

" .. string.gsub(val.errtxt, "\n", "
") .. "

") end + if (val.descr) and (#val.descr > 0) then io.write("\n\t\t

" .. string.gsub(html.html_escape(val.descr), "\n", "
") .. "

") end + if (val.errtxt) then io.write("\n\t\t

" .. string.gsub(html.html_escape(val.errtxt), "\n", "
") .. "

") end io.write("\n\t\t
\n") end end -- cgit v1.2.3
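Review bot: The radio option value is written into a single-quoted attribute (`" value='" .. html.html_escape(v1) .. "'>"`), so the escaping only closes the injection path if `html.html_escape` encodes `'` as well as `&`, `<`, `>` and `"`. That helper lives in html.lua, which this page does not show, so confirm it there, or quote the attribute with a character the helper is known to encode. The removed line wrapped the option in `tostring(v1)` while the new call passes `v1` directly; if an option can be a non-string value, `html.html_escape(tostring(v1))` keeps the old behaviour. In the viewonly branch the empty-value placeholder assigned to `val.value` now goes through the escaper too, so if that placeholder is an entity it would be shown literally; the literal is not legible on this page, so this needs a check against the file. displayinfo begins above the hunk.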