summaryrefslogtreecommitdiffstats
path: root/openssl-html.lsp
diff options
context:
space:
mode:
Diffstat (limited to 'openssl-html.lsp')
-rw-r--r--openssl-html.lsp30
1 files changed, 15 insertions, 15 deletions
diff --git a/openssl-html.lsp b/openssl-html.lsp
index 4258171..bd2ed7e 100644
--- a/openssl-html.lsp
+++ b/openssl-html.lsp
@@ -18,7 +18,7 @@ io.write(html.cfe_unpack(view))
<% displaycommandresults({"approve", "deleterequest", "deletemyrequest", "renewcert", "requestrenewcert", "revoke", "deletecert"}, session) %>
-<H1>Pending certificate requests<% if view.value.user then%> for <%= view.value.user.value %><% end %></H1>
+<H1>Pending certificate requests<% if view.value.user then%> for <%= html.html_escape(view.value.user.value) %><% end %></H1>
<% if not view.value.pending or #view.value.pending.value == 0 then %>
No certificates pending
<% else %>
@@ -47,9 +47,9 @@ io.write(html.cfe_unpack(view))
io.write(html.link{value="deletemyrequest?request="..request.name, label="Delete "})
end %>
</td>
- <td><%= request.user %></td>
- <td><%= request.certtype %></td>
- <td><%= request.commonName %></td>
+ <td><%= html.html_escape(request.user) %></td>
+ <td><%= html.html_escape(request.certtype) %></td>
+ <td><%= html.html_escape(request.commonName) %></td>
</tr>
<% end %>
</tbody>
@@ -74,7 +74,7 @@ else
approved = view.value.approved.value
end %>
-<H1>Approved certificate requests<% if view.value.user then%> for <%= view.value.user.value %><% end %></H1>
+<H1>Approved certificate requests<% if view.value.user then%> for <%= html.html_escape(view.value.user.value) %><% end %></H1>
<% if #approved == 0 then %>
No certificates approved
<% else %>
@@ -111,18 +111,18 @@ end %>
<%= html.link{value="deletecert?cert="..cert.name, label="Delete "} %>
<% end %>
</td>
- <td><%= cert.user %></td>
- <td><%= cert.certtype %></td>
- <td><%= cert.commonName %></td>
- <td><%= tostring(tonumber('0x'..cert.serial)) %></td>
- <td><%= cert.enddate %></td>
+ <td><%= html.html_escape(cert.user) %></td>
+ <td><%= html.html_escape(cert.certtype) %></td>
+ <td><%= html.html_escape(cert.commonName) %></td>
+ <td><%= html.html_escape(tostring(tonumber('0x'..cert.serial))) %></td>
+ <td><%= html.html_escape(cert.enddate) %></td>
</tr>
<% end %>
<tbody>
</table>
<% end %>
-<H1>Revoked certificates<% if view.value.user then%> for <%= view.value.user.value %><% end %></H1>
+<H1>Revoked certificates<% if view.value.user then%> for <%= html.html_escape(view.value.user.value) %><% end %></H1>
<% if #revoked == 0 then %>
No certificates revoked
<% else %>
@@ -150,10 +150,10 @@ end %>
<%= html.link{value="deletecert?cert="..cert.name, label="Delete "} %>
<% end %>
</td>
- <td><%= cert.user %></td>
- <td><%= cert.certtype %></td>
- <td><%= cert.commonName %></td>
- <td><%= tostring(tonumber('0x'..cert.serial)) %></td>
+ <td><%= html.html_escape(cert.user) %></td>
+ <td><%= html.html_escape(cert.certtype) %></td>
+ <td><%= html.html_escape(cert.commonName) %></td>
+ <td><%= html.html_escape(tostring(tonumber('0x'..cert.serial))) %></td>
</tr>
<% end %>
</tbody>
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-19 02:22:18 +0000