From bd93652bba291b8c6a5d6f0753aea1a5241f9f6a Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Thu, 15 Jan 2009 21:44:39 +0000
Subject: Modified html.lua and viewlibrary.lua and all html files to
 html_escape variables before displaying them.

git-svn-id: svn://svn.alpinelinux.org/acf/opennhrp/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 opennhrp-listinterfaces-html.lsp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'opennhrp-listinterfaces-html.lsp')

diff --git a/opennhrp-listinterfaces-html.lsp b/opennhrp-listinterfaces-html.lsp
index ca3fdb6..7f9181c 100644
--- a/opennhrp-listinterfaces-html.lsp
+++ b/opennhrp-listinterfaces-html.lsp
@@ -4,7 +4,7 @@ require("viewfunctions")
 
 <% displaycommandresults({"editinterface"}, session) %>
 
-<h1><%= view.label %></h1>
+<h1><%= html.html_escape(view.label) %></h1>
 <TABLE>
 	<TR style="background:#eee;font-weight:bold;">
 		<TD style="padding-right:20px;white-space:nowrap;text-align:left;" class="header">Action</TD>
@@ -17,9 +17,9 @@ require("viewfunctions")
 		<TD style="padding-right:20px;white-space:nowrap;">
 		<% io.write(html.link{value = "editinterface?interface="..intf.interface.."&redir="..page_info.orig_action, label="Edit " }) %>
 		</TD>
-		<TD style="padding-right:20px;white-space:nowrap;text-align:right;"><%= intf.interface %></TD>
-		<TD style="padding-right:20px;white-space:nowrap;"><%= intf.type %></TD>
-		<TD style="white-space:nowrap;" width="90%"><P class="error"><%= string.gsub(intf.errtxt or "", "\n", "<BR>") %></P></TD>
+		<TD style="padding-right:20px;white-space:nowrap;text-align:right;"><%= html.html_escape(intf.interface) %></TD>
+		<TD style="padding-right:20px;white-space:nowrap;"><%= html.html_escape(intf.type) %></TD>
+		<TD style="white-space:nowrap;" width="90%"><P class="error"><%= string.gsub(html.html_escape(intf.errtxt), "\n", "<BR>") %></P></TD>
 	</TR>
 <% end %>
 </TABLE>
-- 
cgit v1.2.3