diff options
author | Ted Trask <ttrask01@yahoo.com> | 2008-09-03 13:53:55 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2008-09-03 13:53:55 +0000 |
commit | 413b76885f6033da097c9474c1e9367bcb8969b5 (patch) | |
tree | 498537e61815fc4aa1393b46584455b0665d9f0f /app/filedetails-html.lsp | |
parent | 48cbac3ff8468cae92e2fa31280a84bd2ae2bc7c (diff) | |
download | acf-core-413b76885f6033da097c9474c1e9367bcb8969b5.tar.bz2 acf-core-413b76885f6033da097c9474c1e9367bcb8969b5.tar.xz |
Modified filedetails view to HTML escape the filecontent before displaying it.
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1443 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'app/filedetails-html.lsp')
-rw-r--r-- | app/filedetails-html.lsp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/filedetails-html.lsp b/app/filedetails-html.lsp index b7d392c..5b51500 100644 --- a/app/filedetails-html.lsp +++ b/app/filedetails-html.lsp @@ -22,7 +22,7 @@ displayitem(form.value.mtime) <form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action %>" method="POST"> <input type="hidden" name="filename" value="<%= form.value.filename.value %>"> <textarea name="filecontent"> -<%= form.value.filecontent.value %> +<%= html.html_escape(form.value.filecontent.value) %> </textarea> <% if form.value.filecontent.errtxt then %><P CLASS='error'><%= string.gsub(form.value.filecontent.errtxt, "\n", "<BR>") %></P><% end %> |