From 2a737c480d632eb54c1131654e12f638a1476978 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Thu, 15 Jan 2009 21:44:39 +0000
Subject: Modified html.lua and viewlibrary.lua and all html files to
 html_escape variables before displaying them.

git-svn-id: svn://svn.alpinelinux.org/acf/snort/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 snort-details-html.lsp | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/snort-details-html.lsp b/snort-details-html.lsp
index 6c4091f..ab6024d 100644
--- a/snort-details-html.lsp
+++ b/snort-details-html.lsp
@@ -11,26 +11,26 @@ io.write("</span>")
 
 <% viewlibrary.dispatch_component("status") %>
 
-<H2><%= data.label %></H2>
+<H2><%= html.html_escape(data.label) %></H2>
 
 <% 
 if #data.value == 0 then
 	io.write("No alerts found")
 else
 	for i,priority in ipairs(data.value) do %>
-		<h2><%= priority.name %></h2>
+		<h2><%= html.html_escape(priority.name) %></h2>
 		<% for cls in pairs(priority.value) do %>
-			<h3><%= cls %></h3>
+			<h3><%= html.html_escape(cls) %></h3>
 			<% for id,alert in pairs(priority.value[cls]) do %>
-				<p><B><%= alert.value[1] %></B><BR>
+				<p><B><%= html.html_escape(alert.value[1]) %></B><BR>
 				<% for j=2, table.maxn(alert.value) do %>
-					<%= alert.value[j] %><BR>
+					<%= html.html_escape(alert.value[j]) %><BR>
 				<% end %>
-				<I>(This alarm is repeated <B><%= alert.count %></B> times)</I>
+				<I>(This alarm is repeated <B><%= html.html_escape(alert.count) %></B> times)</I>
 				<% if (table.maxn(alert.url) ~= 0) then %>
 					( URL's:
 					<% for k,url in ipairs(alert.url) do %>
-						<a href="<%= url %>" target="_new"><img src="/skins/static/tango/16x16/categories/applications-internet.png" alt="<%= url %>"></a>
+						<a href="<%= html.html_escape(url) %>" target="_new"><img src="/skins/static/tango/16x16/categories/applications-internet.png" alt="<%= html.html_escape(url) %>"></a>
 					<% end %>
 				)
 				<% end %>
-- 
cgit v1.2.3