From afcd120c1c5b8d839820259c9d8b488e994fcffe Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Thu, 15 Jan 2009 21:44:39 +0000
Subject: Modified html.lua and viewlibrary.lua and all html files to
 html_escape variables before displaying them.

git-svn-id: svn://svn.alpinelinux.org/acf/openssl/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 openssl-status-html.lsp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'openssl-status-html.lsp')

diff --git a/openssl-status-html.lsp b/openssl-status-html.lsp
index b1b59ea..68623da 100644
--- a/openssl-status-html.lsp
+++ b/openssl-status-html.lsp
@@ -11,7 +11,7 @@ io.write(html.cfe_unpack(view))
 <DL>
 <% displayitem(view.value.version) %>
 <% if view.value.version and view.value.version.errtxt and session.permissions.apk and session.permissions.apk.install then %>
-	<a href="<%= page_info.script .. "/apk-tools/apk/install?package="..view.value.version.name %>">Install</a>
+	<a href="<%= html.html_escape(page_info.script .. "/apk-tools/apk/install?package="..view.value.version.name) %>">Install</a>
 <% end %>
 <% displayitem(view.value.conffile) %>
 <% displayitem(view.value.environment) %>
@@ -26,7 +26,7 @@ io.write(html.cfe_unpack(view))
 		end
 	elseif not view.value.cacert.errtxt and not view.value.cakey.errtxt then %>
 <H1>CA Certificate contents</H1>
-<pre><%= view.value.cacertcontents.value %></pre>
+<pre><%= html.html_escape(view.value.cacertcontents.value) %></pre>
 	<% elseif viewlibrary and viewlibrary.dispatch_component then
 		if session.permissions.openssl.putcacert then
 			viewlibrary.dispatch_component("putcacert")
-- 
cgit v1.2.3