Modified filedetails view to HTML escape the filecontent before displaying it.

git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1443 ab2d0c66-481e-0410-8bed-d214d4d58bed
author: Ted Trask <ttrask01@yahoo.com> 2008-09-03 13:53:55 +0000
committer: Ted Trask <ttrask01@yahoo.com> 2008-09-03 13:53:55 +0000
commit: 413b76885f6033da097c9474c1e9367bcb8969b5 (patch)
tree: 498537e61815fc4aa1393b46584455b0665d9f0f /app/filedetails-html.lsp
parent: 48cbac3ff8468cae92e2fa31280a84bd2ae2bc7c (diff)
download: acf-core-413b76885f6033da097c9474c1e9367bcb8969b5.tar.bz2
acf-core-413b76885f6033da097c9474c1e9367bcb8969b5.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/filedetails-html.lsp b/app/filedetails-html.lsp
index b7d392c..5b51500 100644
--- a/app/filedetails-html.lsp
+++ b/app/filedetails-html.lsp
@@ -22,7 +22,7 @@ displayitem(form.value.mtime)
 <form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action %>" method="POST">
 <input type="hidden" name="filename" value="<%= form.value.filename.value %>">
 <textarea name="filecontent">
-<%= form.value.filecontent.value %>
+<%= html.html_escape(form.value.filecontent.value) %>
 </textarea>
 <% if form.value.filecontent.errtxt then %><P CLASS='error'><%= string.gsub(form.value.filecontent.errtxt, "\n", "<BR>") %></P><% end %>
author	Ted Trask <ttrask01@yahoo.com>	2008-09-03 13:53:55 +0000
committer	Ted Trask <ttrask01@yahoo.com>	2008-09-03 13:53:55 +0000
commit	413b76885f6033da097c9474c1e9367bcb8969b5 (patch)
tree	498537e61815fc4aa1393b46584455b0665d9f0f /app/filedetails-html.lsp
parent	48cbac3ff8468cae92e2fa31280a84bd2ae2bc7c (diff)
download	acf-core-413b76885f6033da097c9474c1e9367bcb8969b5.tar.bz2 acf-core-413b76885f6033da097c9474c1e9367bcb8969b5.tar.xz