diff options
author | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
commit | a89437b3c168e6d5f38b8e577f31ea89f5c9c8d0 (patch) | |
tree | e64d30cb5a84749037695fbb1e34be6320964958 /tinydns-listpermissions-html.lsp | |
parent | 21db17697487d4476e7f521b87b8e88fb61f9672 (diff) | |
download | acf-tinydns-a89437b3c168e6d5f38b8e577f31ea89f5c9c8d0.tar.bz2 acf-tinydns-a89437b3c168e6d5f38b8e577f31ea89f5c9c8d0.tar.xz |
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/tinydns/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'tinydns-listpermissions-html.lsp')
-rw-r--r-- | tinydns-listpermissions-html.lsp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/tinydns-listpermissions-html.lsp b/tinydns-listpermissions-html.lsp index fc80db9..55d09b5 100644 --- a/tinydns-listpermissions-html.lsp +++ b/tinydns-listpermissions-html.lsp @@ -6,7 +6,7 @@ <% displaycommandresults({"edituserpermisisons", "editrolepermissions"}, session) %> -<H1><%= view.label %></H1> +<H1><%= html.html_escape(view.label) %></H1> <H2>User Permissions</H2> <TABLE> @@ -14,7 +14,7 @@ <% for i,user in ipairs(view.value.user) do %> <TR><TD><%= html.link{value=page_info.script .. page_info.prefix .. page_info.controller .. "/edituserpermissions?userid=" .. user.id .. "&redir="..page_info.orig_action, label=user.id} %></TD><TD> <% for y,allowed in pairs(user.allowed) do - print(allowed, "<BR>") + print(html.html_escape(allowed), "<BR>") end %> <TD></TR> <% end %> @@ -26,7 +26,7 @@ <% for i,role in ipairs(view.value.role) do %> <TR><TD><%= html.link{value=page_info.script .. page_info.prefix .. page_info.controller .. "/editrolepermissions?role=" .. role.id .. "&redir="..page_info.orig_action, label=role.id} %></TD><TD> <% for y,allowed in pairs(role.allowed) do - print(allowed, "<BR>") + print(html.html_escape(allowed), "<BR>") end %> <TD></TR> <% end %> |