Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.

git-svn-id: svn://svn.alpinelinux.org/acf/ipsec-tools/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed

1 files changed, 4 insertions, 4 deletions

diff --git a/ipsectools-details-html.lsp b/ipsectools-details-html.lsp
index b16da64..c5cdb5c 100644
--- a/ipsectools-details-html.lsp
+++ b/ipsectools-details-html.lsp
@@ -9,7 +9,7 @@ io.write("</span>")
 
 <% viewlibrary.dispatch_component("status") %>
 
-<H2><%= data.label %></H2>
+<H2><%= html.html_escape(data.label) %></H2>
 <DL>
 <%
 if not data.value.show_isakmp or #data.value.show_isakmp.value == 0 then
@@ -23,13 +23,13 @@ else
 			else
 				io.write("idle")
 			end
-			io.write(".png' width='16' height='16'> ".. entry.Destination.value .. "</H3>")
+			io.write(".png' width='16' height='16'> ".. html.html_escape(entry.Destination.value) .. "</H3>")
 			io.write("<TABLE>\n")
 			local tags = {"Created","Source","Destination", "St", "Phase2details"}
 			for j,tag in pairs(tags) do
 				io.write("<TR><TD STYLE='font-weight:bold;width:120px;border:none;'>" .. 
-					(entry[tag].label or "") .. "</TD><TD STYLE='border:none;'>"..(entry[tag].value or ""))
-				if (entry[tag].descr) and (#entry[tag].descr > 0) then io.write(" (".. entry[tag].descr .. ")") end
+					html.html_escape(entry[tag].label) .. "</TD><TD STYLE='border:none;'>"..html.html_escape(entry[tag].value))
+				if (entry[tag].descr) and (#entry[tag].descr > 0) then io.write(" (".. html.html_escape(entry[tag].descr) .. ")") end
 				io.write("</TD></TR>")
 			end
 			io.write("</TABLE>")