-rw-r--r--cron-listjobs-html.lsp4
-rw-r--r--health-modules-html.lsp2
-rw-r--r--health-network-html.lsp4
-rw-r--r--health-networkstats-html.lsp15
-rw-r--r--health-proc-html.lsp4
-rw-r--r--health-storage-html.lsp14
-rw-r--r--health-system-html.lsp14
-rw-r--r--hostname-html.lsp2
-rw-r--r--interfaces-read-html.lsp18
-rw-r--r--interfaces-update-html.lsp2
-rw-r--r--logfiles-status-html.lsp6
-rw-r--r--logfiles-tail-html.lsp4
-rw-r--r--logfiles-view-html.lsp6
-rw-r--r--modules-edit-html.lsp4
-rw-r--r--modules-status-html.lsp2
-rw-r--r--password-edit-html.lsp2
-rw-r--r--rc-edit-html.lsp2
-rw-r--r--rc-status-html.lsp18
-rw-r--r--skins-read-html.lsp4
19 files changed, 66 insertions, 61 deletions
diff --git a/cron-listjobs-html.lsp b/cron-listjobs-html.lsp
index 6f21673..d9705e0 100644
--- a/cron-listjobs-html.lsp
+++ b/cron-listjobs-html.lsp
@@ -10,7 +10,7 @@ end %>
<H1>Cron Jobs</H1>
<% for i,tabl in ipairs(view.value) do %>
-<H2><%= tabl.period %></H2>
+<H2><%= html.html_escape(tabl.period) %></H2>
<% if #tabl.jobs == 0 then %>
No jobs
<% else %>
@@ -25,7 +25,7 @@ No jobs
<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/editjob?name="..job.."&redir="..page_info.orig_action, label="Edit "} %>
<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/deletejob?name="..job, label="Delete "} %>
</TD>
- <TD style="white-space:nowrap;"><%= string.gsub(job, "^.*/", "") %></TD>
+ <TD style="white-space:nowrap;"><%= html.html_escape(string.gsub(job, "^.*/", "")) %></TD>
</TR>
<% end %>
</TABLE>
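Review bot: The edit and delete links two lines above the newly escaped cell still concatenate `job` straight into the `name=` query string with no percent-encoding, so a job name containing `&`, `#`, `?` or a space is truncated or misparsed by the controller; the implementation of html.link is not in this diff, so whether it at least escapes its `value` for the attribute context cannot be confirmed here. Since `job` is now treated as untrusted enough to escape for display, encode it for the URL as well, e.g. `local enc = url_encode(job)` (or whatever encoder the framework provides) and use `enc` in both hrefs. The delete link is also a plain GET that changes state; unless the controller confirms or checks a token, it is reachable cross-site.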
diff --git a/health-modules-html.lsp b/health-modules-html.lsp
index ee6e0ad..5ffcf97 100644
--- a/health-modules-html.lsp
+++ b/health-modules-html.lsp
@@ -3,4 +3,4 @@
<h1>Modules</h1>
<h2>Installed modules</h2>
-<pre><%= view.value.list.value %></pre>
+<pre><%= html.html_escape(view.value.list.value) %></pre>
diff --git a/health-network-html.lsp b/health-network-html.lsp
index d97322a..5d97a9e 100644
--- a/health-network-html.lsp
+++ b/health-network-html.lsp
@@ -3,7 +3,7 @@
<h1>Network</h1>
<h2>Interface status</h2>
-<pre><%= view.value.interfaces.value %></pre>
+<pre><%= html.html_escape(view.value.interfaces.value) %></pre>
<h2>Routes</h2>
-<pre><%= view.value.routes.value %></pre>
+<pre><%= html.html_escape(view.value.routes.value) %></pre>
diff --git a/health-networkstats-html.lsp b/health-networkstats-html.lsp
index a19f71d..22b0a86 100644
--- a/health-networkstats-html.lsp
+++ b/health-networkstats-html.lsp
@@ -43,7 +43,7 @@
function Update(){
$.ajaxSetup({cache:false});
$.getJSON(
- '<%= page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action %>',
+ '<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action) %>',
{viewtype:'json'},
function(data) {
if (lastdata != null){
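Review bot: The URL passed to `$.getJSON(` is emitted inside a single-quoted JavaScript string in a `<script>` block, and HTML entity escaping is the wrong encoder for that context: script text is not entity-decoded, so any escaped character lands literally in the URL, while characters that matter in a JS literal (`\`, and `'` if the helper leaves it alone) pass through. The controller and action segments come from the request path, so the value is not purely server-controlled. Prefer a JSON/JS-string encoding here, or put the URL in a `data-` attribute on an element (where html.html_escape is the correct escaping) and read it from jQuery. Update() continues past the end of this hunk.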
@@ -100,16 +100,21 @@
<H1>Network Statistics</H1>
Network traffic in bytes/second
-<div id="chart" style="FLOAT: left; WIDTH: 600px; HEIGHT: 300px"></div>
-<div id="legend" style="FLOAT: left; margin-left: 10px; WIDTH: 50px"></div>
+
+<TABLE><TR><TD style="vertical-align:top;">
+<div id="chart" style="WIDTH: 100%; HEIGHT: 300px; MIN-WIDTH:600px;"></div></TD>
+<TD style="align:left;" WIDTH="140px"><div id="legend" style="margin-left: 10px; width: 130px;"></div></TD>
+</TR></TABLE>
+
+
<DL>
<DT>Display Options</DT>
<DD><TABLE>
<% for intf,val in pairs(view.value) do
local ipaddr = ""
if val.ipaddr then ipaddr = " ("..val.ipaddr..")" end %>
- <TR><TD><input type="checkbox" name=<%= intf.."RX" %> checked="checked"><%= intf.." RX"..ipaddr %></input></TD>
- <TD><input type="checkbox" name=<%= intf.."TX" %> checked="checked"><%= intf.." TX"..ipaddr %></input></TD></TR>
+ <TR><TD><input type="checkbox" name=<%= html.html_escape(intf).."RX" %> checked="checked"><%= html.html_escape(intf).." RX"..html.html_escape(ipaddr) %></input></TD>
+ <TD><input type="checkbox" name=<%= html.html_escape(intf).."TX" %> checked="checked"><%= html.html_escape(intf).." TX"..html.html_escape(ipaddr) %></input></TD></TR>
<% end %>
</TABLE></DD>
<DT>Start / Stop</DT>
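Review bot: Both rewritten checkbox rows still emit `name=<%= ... %>` without quotes around the attribute value, so the added html.html_escape does not protect against a space in the interface name: `name=eth 0RX` ends the attribute at the space and turns the remainder into new attributes. Quote the attribute on both lines, `name="<%= html.html_escape(intf).."RX" %>"` and `name="<%= html.html_escape(intf).."TX" %>"`, so the escaping covers the whole value. Minor: `</input>` is not a valid closing tag, since input is a void element; the label text should simply follow the tag.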
diff --git a/health-proc-html.lsp b/health-proc-html.lsp
index 6e52d21..3105a1c 100644
--- a/health-proc-html.lsp
+++ b/health-proc-html.lsp
@@ -3,7 +3,7 @@
<h1>Process information</h1>
<h2>Processor</h2>
-<pre><%= view.value.processor.value %></pre>
+<pre><%= html.html_escape(view.value.processor.value) %></pre>
<h2>Memory</h2>
-<pre><%= view.value.memory.value %></pre>
+<pre><%= html.html_escape(view.value.memory.value) %></pre>
diff --git a/health-storage-html.lsp b/health-storage-html.lsp
index cd9162e..bd2a20a 100644
--- a/health-storage-html.lsp
+++ b/health-storage-html.lsp
@@ -1,22 +1,22 @@
<% local view = ... %>
<% displaydisk = function(disk, name)
-io.write("<pre>"..disk.value.."</pre>\n")
+io.write("<pre>"..html.html_escape(disk.value).."</pre>\n")
io.write('<TABLE STYLE="margin:0px;padding:0px;border:0px">\n')
io.write(" <TR>\n")
io.write(" <TD>0%</TD>\n")
if tonumber(disk.used) > 0 then
- io.write(' <TD WIDTH="'..disk.used..'%" STYLE="background:red;border:2px solid black;')
+ io.write(' <TD WIDTH="'..html.html_escape(disk.used)..'%" STYLE="background:red;border:2px solid black;')
if tonumber(disk.used) < 100 then io.write('border-right:none;') end
io.write('"><CENTER><B>')
- if ( tonumber(disk.used) > 10) then io.write(disk.used .. "%") end
+ if ( tonumber(disk.used) > 10) then io.write(html.html_escape(disk.used) .. "%") end
io.write('</B></CENTER></TD>\n')
end
if tonumber(disk.used) < 100 then
- io.write(' <TD WIDTH="'..(100-disk.used)..'%" STYLE="background:#0c0;border:2px solid black;')
+ io.write(' <TD WIDTH="'..(100-tonumber(disk.used))..'%" STYLE="background:#0c0;border:2px solid black;')
if tonumber(disk.used) > 0 then io.write('border-left:none;') end
io.write('"><CENTER><B>')
- if ( 90 > tonumber(disk.used)) then io.write((100-disk.used) .. "%") end
+ if ( 90 > tonumber(disk.used)) then io.write((100-tonumber(disk.used)) .. "%") end
io.write('</B></CENTER></TD>\n')
end
io.write(' <TD>100%</TD>\n')
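Review bot: `disk.used` is converted with `tonumber(...)` in every comparison and now in both subtractions, yet it is still written out as the raw (escaped) string in the `WIDTH` attribute and the percentage label; a non-numeric value makes the first `tonumber(disk.used) > 0` raise on nil before anything is rendered, so the escaping guards a value the code has already required to be numeric. Converting once at the top of displaydisk, `local used = tonumber(disk.used)`, and emitting `used` everywhere removes the repeated conversions and makes the attribute value a number by construction; a nil `used` should then be handled explicitly rather than by the comparison error. `displaydisk` is also assigned without `local`, so it leaks into the template's global environment. The function continues past the end of this hunk.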
@@ -24,7 +24,7 @@ io.write(" </TR>\n")
io.write("</TABLE>\n")
io.write('<TABLE STYLE="margin:0px;padding:0px;border:0px;margin-top:5px;">\n')
io.write(" <TR>\n")
-io.write(' <TD WIDTH="100px"><B>'..name..'</B></TD><TD STYLE="background:red;border:2px solid black;" WIDTH="20px"></TD><TD WIDTH="70px"><B>=Used</B></TD><TD STYLE="background:#0c0;border:2px solid black;" WIDTH="20px"></TD><TD><B>=Free</B></TD>\n')
+io.write(' <TD WIDTH="100px"><B>'..html.html_escape(name)..'</B></TD><TD STYLE="background:red;border:2px solid black;" WIDTH="20px"></TD><TD WIDTH="70px"><B>=Used</B></TD><TD STYLE="background:#0c0;border:2px solid black;" WIDTH="20px"></TD><TD><B>=Free</B></TD>\n')
io.write(" </TR>\n")
io.write("</TABLE>\n")
end %>
@@ -60,6 +60,6 @@ No RAM Disk mounted
<% if view.value.partitions then %>
<h2>Disk partitions</h2>
-<pre><%= view.value.partitions.value %></pre>
+<pre><%= html.html_escape(view.value.partitions.value) %></pre>
<% end %>
diff --git a/health-system-html.lsp b/health-system-html.lsp
index 8ee3572..9fcea6f 100644
--- a/health-system-html.lsp
+++ b/health-system-html.lsp
@@ -3,22 +3,22 @@
<h1>System</h1>
<h2>Versions and names</h2>
-<pre><%= view.value.version.value %></pre>
-<pre><%= view.value.uname.value %></pre>
+<pre><%= html.html_escape(view.value.version.value) %></pre>
+<pre><%= html.html_escape(view.value.uname.value) %></pre>
<h2>Uptime</h2>
-<pre><%= view.value.uptime.value %></pre>
+<pre><%= html.html_escape(view.value.uptime.value) %></pre>
<h2>Time/TimeZone</h2>
-<pre><%= view.value.date.value %></pre>
-<pre><%= view.value.timezone.value %></pre>
+<pre><%= html.html_escape(view.value.date.value) %></pre>
+<pre><%= html.html_escape(view.value.timezone.value) %></pre>
<h2>Memory</h2>
-<pre><%= view.value.memory.value %></pre>
+<pre><%= html.html_escape(view.value.memory.value) %></pre>
<TABLE STYLE="margin:0px;padding:0px;border:0px">
<TR>
- <TD>0%</TD><TD WIDTH="<%= view.value.memory.used %>%" STYLE="background:red;border:2px solid black;border-right:none;"><CENTER><B><% if ( tonumber(view.value.memory.used) > 10) then io.write(view.value.memory.used .. "%") end %></B></CENTER></TD><TD WIDTH="<%= (100-view.value.memory.used) %>%" STYLE="background:#0c0;border:2px solid black;border-left:none;""><CENTER><B><% if ( 90 > tonumber(view.value.memory.used)) then io.write((100-view.value.memory.used) .. "%") end %></B></CENTER></TD><TD>100%</TD>
+ <TD>0%</TD><TD WIDTH="<%= html.html_escape(view.value.memory.used) %>%" STYLE="background:red;border:2px solid black;border-right:none;"><CENTER><B><% if ( tonumber(view.value.memory.used) > 10) then io.write(html.html_escape(view.value.memory.used) .. "%") end %></B></CENTER></TD><TD WIDTH="<%= (100-tonumber(view.value.memory.used)) %>%" STYLE="background:#0c0;border:2px solid black;border-left:none;""><CENTER><B><% if ( 90 > tonumber(view.value.memory.used)) then io.write((100-tonumber(view.value.memory.used)) .. "%") end %></B></CENTER></TD><TD>100%</TD>
</TR>
</TABLE>
<TABLE STYLE="margin:0px;padding:0px;border:0px;margin-top:5px;">
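Review bot: The rewritten memory-bar line carries a doubled quote, `border-left:none;""><CENTER>`, which closes the STYLE attribute and opens a stray attribute value that runs to the next `"` in the document; browsers recover, but the recovery is parser-dependent and the markup is invalid. Drop the extra character so it reads `border-left:none;"><CENTER>`. Separately, `view.value.memory.used` is compared and subtracted as a number on the same line but written as an escaped string; `local used = tonumber(view.value.memory.used)` at the top of the block, emitted as `used`, would be simpler and needs no escaping.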
diff --git a/hostname-html.lsp b/hostname-html.lsp
index cae18ae..52238b3 100644
--- a/hostname-html.lsp
+++ b/hostname-html.lsp
@@ -1,7 +1,7 @@
<% local view = ... %>
<% require("viewfunctions") %>
-<h1><%= view.label %></h1>
+<h1><%= html.html_escape(view.label) %></h1>
<DL>
<% displayitem(view) %>
</DL>
diff --git a/interfaces-read-html.lsp b/interfaces-read-html.lsp
index d0984dc..7504a1f 100644
--- a/interfaces-read-html.lsp
+++ b/interfaces-read-html.lsp
@@ -11,10 +11,10 @@ io.write("</span>")
<% showoption = function(option)
if option.errtxt or option.value ~= "" then %>
- <TR><TD WIDTH='120px' STYLE='font-weight:bold;border:none;'><%= option.label %></TD>
+ <TR><TD WIDTH='120px' STYLE='font-weight:bold;border:none;'><%= html.html_escape(option.label) %></TD>
<TD STYLE='border:none;'<% if option.errtxt then io.write("class='error'") end %>>
- <%= string.gsub(tostring(option.value), "\n", "<BR>") %>
- <% if option.errtxt then io.write("<BR>"..option.errtxt) end %>
+ <%= string.gsub(html.html_escape(tostring(option.value)), "\n", "<BR>") %>
+ <% if option.errtxt then io.write("<BR>"..html.html_escape(option.errtxt)) end %>
</TD></TR>
<% end %>
<% end %>
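Review bot: On the rewritten value line, `<%= string.gsub(html.html_escape(tostring(option.value)), "\n", "<BR>") %>` hands every return value of gsub to whatever `<%= %>` expands to; string.gsub returns the substitution count as a second value, so if the engine emits via `io.write(expr)` that count is printed after the text. Wrapping the call in parentheses, `<%= (string.gsub(...)) %>`, truncates to the first value and is harmless if the engine already does so. The order (escape first, then insert `<BR>`) is the correct one. showoption is fully inside this hunk.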
@@ -29,7 +29,7 @@ end %>
<DL>
<% for i,entry in ipairs(view.value) do
local interface = entry.value %>
- <DT><IMG SRC='/skins/static/tango/16x16/devices/network-wired.png' width='16' height='16'> <%= interface.name.value %></DT><DD>
+ <DT><IMG SRC='/skins/static/tango/16x16/devices/network-wired.png' width='16' height='16'> <%= html.html_escape(interface.name.value) %></DT><DD>
<TABLE STYLE='margin-bottom:10px'>
<%
@@ -42,16 +42,16 @@ end %>
end %>
<TR>
<% if session.permissions.interfaces.update then %>
- <A HREF='update?name=<%= interface.name.value %>&redir=read'>Edit </A>
+ <A HREF='update?name=<%= html.html_escape(interface.name.value) %>&redir=read'>Edit </A>
<% end
if session.permissions.interfaces.delete then %>
- <A HREF='delete?name=<%= interface.name.value %>'>Delete </A>
+ <A HREF='delete?name=<%= html.html_escape(interface.name.value) %>'>Delete </A>
<% end
if session.permissions.interfaces.ifup then %>
- <A HREF='ifup?name=<%= interface.name.value %>'>ifup </A>
+ <A HREF='ifup?name=<%= html.html_escape(interface.name.value) %>'>ifup </A>
<% end
if session.permissions.interfaces.ifdown then %>
- <A HREF='ifdown?name=<%= interface.name.value %>'>ifdown </A>
+ <A HREF='ifdown?name=<%= html.html_escape(interface.name.value) %>'>ifdown </A>
<% end %>
</TR>
</TABLE>
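Review bot: The four action links now escape the interface name for the attribute, but the name is still not percent-encoded for the URL, and the literal `&redir=read` in the first href should be `&amp;redir=read` inside HTML; a name containing `&`, `#` or a space yields a broken query string. Beyond encoding, `delete`, `ifup` and `ifdown` are state-changing operations reached by plain GET anchors, so any page the admin visits can trigger them with an `<img src>` unless the controller checks something this template does not show; they belong in small POST forms (as rc-status does with `method="POST"`) or need a token. The `<A>` elements also sit directly inside `<TR>` with no `<TD>`, which is invalid table content and gets relocated by the parser.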
@@ -63,5 +63,5 @@ end %>
<P class="error">WARNING!!! Restarting networking may cause the ACF web interface to stop functioning. Try refreshing this page after restarting. If that fails, you may have to use terminal access to recover.</P>
<DL>
<DT>Restart Networking</DT>
-<DD><form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/restart" %>"><input class="submit" type="submit" value="Restart"></form></DD>
+<DD><form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/restart") %>"><input class="submit" type="submit" value="Restart"></form></DD>
</DL>
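Review bot: The restart form gets an escaped action but no `method`, so it submits by GET; restarting networking is a disruptive action (the page's own warning says so) and a GET endpoint can be triggered by a cross-site image or link without the admin's intent. Add `method="POST"` to the form, `<form method="POST" action="<%= html.html_escape(...) %>">`, and have the controller reject non-POST requests for restart, which is outside this template. Today only the warning text guards the action.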
diff --git a/interfaces-update-html.lsp b/interfaces-update-html.lsp
index d205c03..f796beb 100644
--- a/interfaces-update-html.lsp
+++ b/interfaces-update-html.lsp
@@ -151,7 +151,7 @@ io.write("</span>")
--]]
%>
-<h1><%= form.label %><% if page_info.action == "update" then io.write(" - "..form.value.name.value) end %></h1>
+<h1><%= html.html_escape(form.label) %><% if page_info.action == "update" then io.write(html.html_escape(" - "..form.value.name.value)) end %></h1>
<%
if page_info.action == "update" then
form.value.name.readonly = true
diff --git a/logfiles-status-html.lsp b/logfiles-status-html.lsp
index b4e98b4..2b2fa9e 100644
--- a/logfiles-status-html.lsp
+++ b/logfiles-status-html.lsp
@@ -31,9 +31,9 @@
<TD style="padding-right:20px;white-space:nowrap;"><%= html.link{value = "view?name="..file.value.filename.value, label="View" } %></TD>
<TD style="padding-right:20px;white-space:nowrap;"><%= html.link{value = "tail?name="..file.value.filename.value, label="Tail" } %></TD>
<TD style="padding-right:20px;white-space:nowrap;"><%= html.link{value = "download?name="..file.value.filename.value, label="Download" } %></TD>
- <TD style="padding-right:20px;white-space:nowrap;text-align:right"><%= file.value.filesize.value %></TD>
- <TD style="padding-right:20px;white-space:nowrap;"><%= file.value.mtime.value %></TD>
- <TD style="white-space:nowrap;"><%= file.value.filename.value %></TD>
+ <TD style="padding-right:20px;white-space:nowrap;text-align:right"><%= html.html_escape(file.value.filesize.value) %></TD>
+ <TD style="padding-right:20px;white-space:nowrap;"><%= html.html_escape(file.value.mtime.value) %></TD>
+ <TD style="white-space:nowrap;"><%= html.html_escape(file.value.filename.value) %></TD>
</TR>
<% end %>
</TABLE>
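Review bot: The filename is now escaped where it is displayed, but the three link cells above still build `view?name=`, `tail?name=` and `download?name=` by concatenating `file.value.filename.value` with no percent-encoding; a log name containing `&`, `#`, `+` or a space produces a wrong `name` parameter, and whether html.link escapes its `value` for the href attribute cannot be confirmed from this hunk. Encode the filename once, e.g. `local fname = url_encode(file.value.filename.value)` (or the framework's equivalent), and use `fname` in all three links. The for loop enclosing these rows starts above the hunk.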
diff --git a/logfiles-tail-html.lsp b/logfiles-tail-html.lsp
index 72725ad..94bc4a8 100644
--- a/logfiles-tail-html.lsp
+++ b/logfiles-tail-html.lsp
@@ -8,8 +8,8 @@
function Update(){
$.ajaxSetup({cache:false});
$.getJSON(
- '<%= page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action %>',
- {name:'<% io.write(form.value.filename.value) if form.value.grep.value ~= "" then io.write("',grep:'"..form.value.grep.value) end %>', offset:currentoffset},
+ '<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action) %>',
+ {name:'<% io.write(html.html_escape(form.value.filename.value)) if form.value.grep.value ~= "" then io.write("',grep:'"..html.html_escape(form.value.grep.value)) end %>', offset:currentoffset},
function(data) {
data.value.filecontent.value = data.value.filecontent.value.split("\n").join("<br>\n");
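Review bot: `form.value.filename.value` and `form.value.grep.value` are written into single-quoted JavaScript string literals inside `<script>`, and html.html_escape is the wrong encoder for that context: script text is not entity-decoded, a backslash passes through, and if the helper does not escape `'` (many only handle `<>&"`) a grep pattern containing a quote still terminates the literal and runs attacker-chosen script — grep is user-supplied form input, so this is the untrusted path. Encode both values as JSON for the script, or place them in `data-name`/`data-grep` attributes (where HTML escaping is correct) and read them from jQuery. The following line rewrites the returned log text with `<br>` and, judging by that, inserts it as HTML; the content should be escaped client-side before that join. Update() continues past the end of this hunk.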
diff --git a/logfiles-view-html.lsp b/logfiles-view-html.lsp
index 338a384..386eb91 100644
--- a/logfiles-view-html.lsp
+++ b/logfiles-view-html.lsp
@@ -23,13 +23,13 @@ end
<% if form.type == "form" then %>
<% form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action %>
<% displayformstart(form) %>
-<input type="hidden" name="filename" value="<%= form.value.filename.value %>">
+<input type="hidden" name="filename" value="<%= html.html_escape(form.value.filename.value) %>">
<% end %>
<textarea name="filecontent">
<%= html.html_escape(form.value.filecontent.value) %>
</textarea>
-<% if form.value.filecontent.errtxt then %><P CLASS='error'><%= string.gsub(form.value.filecontent.errtxt, "\n", "<BR>") %></P><% end %>
-<% if form.value.filecontent.descr then %><P CLASS='descr'><%= string.gsub(form.value.filecontent.descr, "\n", "<BR>") %></P><% end %>
+<% if form.value.filecontent.errtxt then %><P CLASS='error'><%= string.gsub(html.html_escape(form.value.filecontent.errtxt), "\n", "<BR>") %></P><% end %>
+<% if form.value.filecontent.descr then %><P CLASS='descr'><%= string.gsub(html.html_escape(form.value.filecontent.descr), "\n", "<BR>") %></P><% end %>
<% if form.type == "form" then %>
<H3>Save</H3>
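Review bot: The two rewritten error/description lines use `<%= string.gsub(html.html_escape(...), "\n", "<BR>") %>`, which passes gsub's second return value (the substitution count) on to the template's output expression; if `<%= %>` expands to `io.write(expr)` the count is printed after the text. Wrapping each call in parentheses, `<%= (string.gsub(...)) %>`, keeps only the string and costs nothing if the engine already truncates. The escaping order itself is correct.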
diff --git a/modules-edit-html.lsp b/modules-edit-html.lsp
index 75c360f..e3c0f8d 100644
--- a/modules-edit-html.lsp
+++ b/modules-edit-html.lsp
@@ -27,8 +27,8 @@ displayitem(form.value.mtime)
<textarea name="filecontent">
<%= html.html_escape(form.value.filecontent.value) %>
</textarea>
-<% if form.value.filecontent.errtxt then %><P CLASS='error'><%= string.gsub(form.value.filecontent.errtxt, "\n", "<BR>") %></P><% end %>
-<% if form.value.filecontent.descr then %><P CLASS='descr'><%= string.gsub(form.value.filecontent.descr, "\n", "<BR>") %></P><% end %>
+<% if form.value.filecontent.errtxt then %><P CLASS='error'><%= string.gsub(html.html_escape(form.value.filecontent.errtxt), "\n", "<BR>") %></P><% end %>
+<% if form.value.filecontent.descr then %><P CLASS='descr'><%= string.gsub(html.html_escape(form.value.filecontent.descr), "\n", "<BR>") %></P><% end %>
<% if form.type == "form" then %>
<H3>Save</H3>
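Review bot: Same pattern as the other textarea views: `<%= string.gsub(html.html_escape(...), "\n", "<BR>") %>` forwards gsub's substitution count as a second value to the output expression, which prints it if `<%= %>` is implemented as `io.write(expr)`. Parenthesize the call, `<%= (string.gsub(...)) %>`, to keep only the string. The escape-then-`<BR>` order is correct.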
diff --git a/modules-status-html.lsp b/modules-status-html.lsp
index 9854e28..8d797b5 100644
--- a/modules-status-html.lsp
+++ b/modules-status-html.lsp
@@ -3,4 +3,4 @@
<h1>Modules</h1>
<h2>Installed modules</h2>
-<pre><%= view.value %></pre>
+<pre><%= html.html_escape(view.value) %></pre>
diff --git a/password-edit-html.lsp b/password-edit-html.lsp
index d9582bf..257c319 100644
--- a/password-edit-html.lsp
+++ b/password-edit-html.lsp
@@ -2,7 +2,7 @@
require("viewfunctions")
%>
-<H1><%= form.label %></H1>
+<H1><%= html.html_escape(form.label) %></H1>
<%
form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action
form.value.password.type = "password"
diff --git a/rc-edit-html.lsp b/rc-edit-html.lsp
index ad24179..5f18a14 100644
--- a/rc-edit-html.lsp
+++ b/rc-edit-html.lsp
@@ -2,7 +2,7 @@
require("viewfunctions")
%>
-<H1><%= form.label %></H1>
+<H1><%= html.html_escape(form.label) %></H1>
<%
form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action
form.value.servicename.readonly = true
diff --git a/rc-status-html.lsp b/rc-status-html.lsp
index 3272af0..a234798 100644
--- a/rc-status-html.lsp
+++ b/rc-status-html.lsp
@@ -3,15 +3,15 @@
<% if session.editresult then %>
<H1>Command Result</H1>
- <% if session.editresult.errtxt then io.write('<P CLASS="error">' .. string.gsub(session.editresult.errtxt, "\n", "<BR>") .. "</P>\n") end
- if session.editresult.descr then io.write('<P CLASS="descr">' .. string.gsub(session.editresult.descr, "\n", "<BR>") .. "</P>\n") end
+ <% if session.editresult.errtxt then io.write('<P CLASS="error">' .. string.gsub(html.html_escape(session.editresult.errtxt), "\n", "<BR>") .. "</P>\n") end
+ if session.editresult.descr then io.write('<P CLASS="descr">' .. string.gsub(html.html_escape(session.editresult.descr), "\n", "<BR>") .. "</P>\n") end
for name,val in pairs(session.editresult.value) do
- if val.errtxt then io.write('<P CLASS="error">' .. string.gsub(val.errtxt, "\n", "<BR>") .. "</P>\n") end
+ if val.errtxt then io.write('<P CLASS="error">' .. string.gsub(html.html_escape(val.errtxt), "\n", "<BR>") .. "</P>\n") end
end
session.editresult = nil
end %>
-<H1><%= view.label %></H1>
+<H1><%= html.html_escape(view.label) %></H1>
<TABLE>
<TR>
<% if session.permissions.rc.edit then %>
@@ -28,14 +28,14 @@ for i,item in ipairs(view.value) do %>
for name,val in pairs(result.value) do val.name=name end
if result.value.kill.value then result.value.kill.checked = "" end
if result.value.system.value then result.value.system.checked = "" end %>
- <form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/edit" %>" method="POST">
- <TD><input class="submit" type="submit" name="<%= result.option %>" value="<%= result.submit or result.option %>"></TD>
- <TD><%= item.servicename %><%= html.form.hidden(result.value.servicename) %></TD><TD><%= html.form.text(result.value.sequence) %></TD>
+ <form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/edit") %>" method="POST">
+ <TD><input class="submit" type="submit" name="<%= html.html_escape(result.option) %>" value="<%= html.html_escape(result.submit or result.option) %>"></TD>
+ <TD><%= html.html_escape(item.servicename) %><%= html.form.hidden(result.value.servicename) %></TD><TD><%= html.form.text(result.value.sequence) %></TD>
<TD><%= html.form.checkbox(result.value.kill) %></TD><TD><%= html.form.checkbox(result.value.system) %></TD>
</form></TR>
<% else %>
- <TD><%= item.servicename %></TD><TD><%= item.sequence %></TD>
- <TD><%= item.kill %></TD><TD><%= item.system %></TD></TR>
+ <TD><%= html.html_escape(item.servicename) %></TD><TD><%= html.html_escape(item.sequence) %></TD>
+ <TD><%= html.html_escape(item.kill) %></TD><TD><%= html.html_escape(item.system) %></TD></TR>
<% end %>
<% end %>
</TABLE>
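Review bot: On the rewritten `<form ...>` line the form is opened as a direct child of `<TR>` and closed before `</TR>`, which is not valid table content; the HTML parser moves the form element out of the row and leaves it empty, so whether the hidden servicename, sequence, kill and system inputs in the following cells are associated with it is browser-dependent and the POST can silently lack fields. Either wrap each row's controls in a single `<TD>` that holds the form, or give each row its own table inside a form, so the inputs are unambiguous descendants. The for loop enclosing this row starts above the hunk.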
diff --git a/skins-read-html.lsp b/skins-read-html.lsp
index 9bb70a0..95547a5 100644
--- a/skins-read-html.lsp
+++ b/skins-read-html.lsp
@@ -7,11 +7,11 @@
<DL>
<% for i,skin in ipairs(view.value) do %>
- <dt><%= skin.value %></dt>
+ <dt><%= html.html_escape(skin.value) %></dt>
<% if (skin.inuse) then %>
<dd>in use</dd>
<% else %>
- <dd>[<a href="update?skin=<%= skin.value %>">use this skin</a>]</dd>
+ <dd>[<a href="update?skin=<%= html.html_escape(skin.value) %>">use this skin</a>]</dd>
<% end %>
<% end %>
</DL>
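Review bot: The `use this skin` link escapes `skin.value` for the attribute but does not percent-encode it for the URL, so a skin directory name containing `&`, `#` or a space breaks the `skin=` parameter; encode it for the URL (an `url_encode` helper or the framework's equivalent) and keep html.html_escape for the attribute. Changing the skin via a GET link is also a state change reachable cross-site; a small POST form would be the safer shape if that matters here.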