Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.

git-svn-id: svn://svn.alpinelinux.org/acf/tinydns/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed

1 files changed, 3 insertions, 3 deletions

diff --git a/tinydns-listpermissions-html.lsp b/tinydns-listpermissions-html.lsp
index fc80db9..55d09b5 100644
--- a/tinydns-listpermissions-html.lsp
+++ b/tinydns-listpermissions-html.lsp
@@ -6,7 +6,7 @@
 
 <% displaycommandresults({"edituserpermisisons", "editrolepermissions"}, session) %>
 
-<H1><%= view.label %></H1>
+<H1><%= html.html_escape(view.label) %></H1>
 
 <H2>User Permissions</H2>
 <TABLE>
@@ -14,7 +14,7 @@
 <% for i,user in ipairs(view.value.user) do %>
 	<TR><TD><%= html.link{value=page_info.script .. page_info.prefix .. page_info.controller .. "/edituserpermissions?userid=" .. user.id .. "&redir="..page_info.orig_action, label=user.id} %></TD><TD>
 	<% for y,allowed in pairs(user.allowed) do
-		print(allowed, "<BR>")
+		print(html.html_escape(allowed), "<BR>")
 	end %>
 	<TD></TR>
 <% end %>
@@ -26,7 +26,7 @@
 <% for i,role in ipairs(view.value.role) do %>
 	<TR><TD><%= html.link{value=page_info.script .. page_info.prefix .. page_info.controller .. "/editrolepermissions?role=" .. role.id .. "&redir="..page_info.orig_action, label=role.id} %></TD><TD>
 	<% for y,allowed in pairs(role.allowed) do
-		print(allowed, "<BR>")
+		print(html.html_escape(allowed), "<BR>")
 	end %>
 	<TD></TR>
 <% end %>