From 72a3e69b5f4adafea8905e60213371ab1b2fc019 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Thu, 15 Jan 2009 21:44:39 +0000
Subject: Modified html.lua and viewlibrary.lua and all html files to
 html_escape variables before displaying them.

git-svn-id: svn://svn.alpinelinux.org/acf/ipsec-tools/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 ipsectools-listcerts-html.lsp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'ipsectools-listcerts-html.lsp')

diff --git a/ipsectools-listcerts-html.lsp b/ipsectools-listcerts-html.lsp
index 90f8849..d2f3c69 100644
--- a/ipsectools-listcerts-html.lsp
+++ b/ipsectools-listcerts-html.lsp
@@ -4,7 +4,7 @@
 <% displaycommandresults({"deletecert"}, session) %>
 <% displaycommandresults({"uploadcert"}, session, true) %>
 
-<H1><%= view.label %></H1>
+<H1><%= html.html_escape(view.label) %></H1>
 
 <DL>
 <TABLE>
@@ -20,7 +20,7 @@
 		<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/viewcert?cert="..cert.."&redir="..page_info.orig_action, label="View "} %>
 		<% end %>
 		</TD>
-		<TD style="white-space:nowrap;"><%= cert %></TD>
+		<TD style="white-space:nowrap;"><%= html.html_escape(cert) %></TD>
 	</TR>
 <% end %>
 </TABLE>
-- 
cgit v1.2.3