diff options
Diffstat (limited to 'tinydns-view-html.lsp')
| -rw-r--r-- | tinydns-view-html.lsp | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/tinydns-view-html.lsp b/tinydns-view-html.lsp index b163ce5..35052ab 100644 --- a/tinydns-view-html.lsp +++ b/tinydns-view-html.lsp @@ -51,7 +51,7 @@ io.write("</span>") %> <H1>DNS Entries -<% if view.filename then io.write(" for "..string.gsub(view.filename, "^.*/", "")) end %> +<% if view.filename then io.write(" for "..html.html_escape(string.gsub(view.filename, "^.*/", ""))) end %> </H1> <H2>Locations</H2> <DL id="locations"> @@ -63,13 +63,13 @@ for i,loc in ipairs(view.value) do if currentloc ~= "" then %> </ul> <% end %> - <li><IMG SRC='/skins/static/tango/16x16/places/start-here.png' width='16' height='16' alt> <B><%= loc[1] %></B></li> + <li><IMG SRC='/skins/static/tango/16x16/places/start-here.png' width='16' height='16' alt> <B><%= html.html_escape(loc[1]) %></B></li> <ul STYLE='margin-left:30px';> <% end currentloc = loc[1] %> - <li id='filename=<%= loc.filename %>;linenumber=<%= loc.linenumber %>'> - <%= loc[2] %><% if loc[2] == "" then io.write('*') end %> - <% if (loc.errtxt) then %><P CLASS='error'><%= string.gsub(loc.errtxt, "\n", "<BR>") %></P><% end %> + <li id='filename=<%= html.html_escape(loc.filename) %>;linenumber=<%= html.html_escape(loc.linenumber) %>'> + <%= html.html_escape(loc[2]) %><% if loc[2] == "" then io.write('*') end %> + <% if (loc.errtxt) then %><P CLASS='error'><%= string.gsub(html.html_escape(loc.errtxt), "\n", "<BR>") %></P><% end %> </li> <% end end %> @@ -102,7 +102,7 @@ local function doListIndents(next, indent) end for j=1,starting do io.write("<ul><li STYLE='margin-left:10px;'><strong>") - io.write(table.concat(newentry, ".", #newentry-(i+j-2), #newentry)) + io.write(html.html_escape(table.concat(newentry, ".", #newentry-(i+j-2), #newentry))) io.write("</strong>\n") end return revnewentry @@ -117,20 +117,20 @@ end for j,entry in ipairs(view.value) do if entry.type ~= '%' then indent = doListIndents(entry[1], indent) %> - <ul><li STYLE='margin-left:10px;' id='filename=<%= entry.filename %>;linenumber=<%= entry.linenumber %>'> - <IMG SRC='/skins/static/tango/16x16/devices/computer.png' width='16' height='16'><%= entry.label %><BR> - <pre><%= entry.configline %></pre> - <TABLE STYLE='margin-left:<%= tostring(7-#indent) %>0px;'> + <ul><li STYLE='margin-left:10px;' id='filename=<%= html.html_escape(entry.filename) %>;linenumber=<%= html.html_escape(entry.linenumber) %>'> + <IMG SRC='/skins/static/tango/16x16/devices/computer.png' width='16' height='16'><%= html.html_escape(entry.label) %><BR> + <pre><%= html.html_escape(entry.configline) %></pre> + <TABLE STYLE='margin-left:<%= html.html_escape(tostring(7-#indent)) %>0px;'> <% for k=2,#entry do local option = entry[k] if (option) and option ~= "" then %> - <TR><TD WIDTH='160px' STYLE='border:none;'><%= view.fieldlabels[entry.type][k] %>:</TD> - <TD STYLE='border:none;'><%= option %></TD></TR> + <TR><TD WIDTH='160px' STYLE='border:none;'><%= html.html_escape(view.fieldlabels[entry.type][k]) %>:</TD> + <TD STYLE='border:none;'><%= html.html_escape(option) %></TD></TR> <% end end %> </TABLE> <% if entry.errtxt then %> - <P CLASS='error'><%= string.gsub(entry.errtxt, "\n", "<BR>") %></P> + <P CLASS='error'><%= string.gsub(html.html_escape(entry.errtxt), "\n", "<BR>") %></P> <% end %> </li></ul> <% end |