author | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
commit | 76cbb205333360ae618c3b8a20faccf747039070 (patch) | |
tree | be2b31718d1352e38aa9572dd11d21f1ae8da2be /app | |
parent | c89e42cf158941545540ad4f8e94f478dec50c1a (diff) | |
download | acf-core-76cbb205333360ae618c3b8a20faccf747039070.tar.bz2 acf-core-76cbb205333360ae618c3b8a20faccf747039070.tar.xz |
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'app')
-rw-r--r-- | app/acf-util/logon-html.lsp | 2 | ||||
-rw-r--r-- | app/acf-util/logon-logout-html.lsp | 2 | ||||
-rw-r--r-- | app/acf-util/logon-status-html.lsp | 4 | ||||
-rwxr-xr-x | app/acf-util/password-html.lsp | 2 | ||||
-rwxr-xr-x | app/acf-util/password-status-html.lsp | 22 | ||||
-rw-r--r-- | app/acf-util/roles-editrole-html.lsp | 12 | ||||
-rw-r--r-- | app/acf-util/roles-html.lsp | 16 | ||||
-rw-r--r-- | app/acf-util/roles-viewroles-html.lsp | 18 | ||||
-rw-r--r-- | app/dispatcherror-html.lsp | 2 | ||||
-rw-r--r-- | app/exception-html.lsp | 2 | ||||
-rw-r--r-- | app/filedetails-html.lsp | 6 | ||||
-rw-r--r-- | app/form-html.lsp | 2 | ||||
-rw-r--r-- | app/startstop-html.lsp | 6 | ||||
-rw-r--r-- | app/status-html.lsp | 4 | ||||
-rw-r--r-- | app/template-html.lsp | 24 |
15 files changed, 62 insertions, 62 deletions
diff --git a/app/acf-util/logon-html.lsp b/app/acf-util/logon-html.lsp index f6137cf..643ab86 100644 --- a/app/acf-util/logon-html.lsp +++ b/app/acf-util/logon-html.lsp @@ -4,7 +4,7 @@ io.write(html.cfe_unpack(form)) --]] %> -<h1><%= form.label %></h1> +<h1><%= html.html_escape(form.label) %></h1> <% form.value.password.type = "password" form.value.redir.type = "hidden" diff --git a/app/acf-util/logon-logout-html.lsp b/app/acf-util/logon-logout-html.lsp index a658ea9..b7b72f4 100644 --- a/app/acf-util/logon-logout-html.lsp +++ b/app/acf-util/logon-logout-html.lsp @@ -3,4 +3,4 @@ <%= html.cfe_unpack(view) %> -<%= view.logout.value %> +<%= html.html_escape(view.logout.value) %> diff --git a/app/acf-util/logon-status-html.lsp b/app/acf-util/logon-status-html.lsp index 5fb70c9..753248f 100644 --- a/app/acf-util/logon-status-html.lsp +++ b/app/acf-util/logon-status-html.lsp @@ -4,5 +4,5 @@ --]] %> <h1>User Status </h1> <p> Below is your current Session id <p> -<%= view.value.sessionid.value %> -<p>You are currently known to the system as <%= view.value.username.value %>.</p> +<%= html.html_escape(view.value.sessionid.value) %> +<p>You are currently known to the system as <%= html.html_escape(view.value.username.value) %>.</p> diff --git a/app/acf-util/password-html.lsp b/app/acf-util/password-html.lsp index faf8e44..7de8f88 100755 --- a/app/acf-util/password-html.lsp +++ b/app/acf-util/password-html.lsp @@ -9,7 +9,7 @@ io.write("</span>") --]] %> -<H1><%= form.label %></H1> +<H1><%= html.html_escape(form.label) %></H1> <% if form.value.password and form.value.password_confirm then form.value.password.type = "password" diff --git a/app/acf-util/password-status-html.lsp b/app/acf-util/password-status-html.lsp index d7db4e9..714dfae 100755 --- a/app/acf-util/password-status-html.lsp +++ b/app/acf-util/password-status-html.lsp 
@@ -13,29 +13,29 @@ io.write("</span>") <H1>User Accounts</H1> <H2>Create new account</H2> <form action="<%= page_info.script .. page_info.prefix .. page_info.controller %>/newuser" method="POST"> -<input class="hidden" type="hidden" name="redir" value="<%= page_info.orig_action %>" > +<input class="hidden" type="hidden" name="redir" value="<%= html.html_escape(page_info.orig_action) %>" > <dl><dt></dt><dd><input class="submit" type="submit" value="New User"></dd></dl> </form> <H2>Existing account</H2> <DL> <% for name,user in pairs(form.value) do %> - <DT><IMG SRC='/skins/static/tango/16x16/apps/system-users.png' HEIGHT='16' WIDTH='16'> <%= name %></DT> + <DT><IMG SRC='/skins/static/tango/16x16/apps/system-users.png' HEIGHT='16' WIDTH='16'> <%= html.html_escape(name) %></DT> <DD><TABLE> <TR> - <TD STYLE='border:none;'><B><%= user.value.userid.label %></B></TD> - <TD STYLE='border:none;' WIDTH='90%'><%= user.value.userid.value %></TD> + <TD STYLE='border:none;'><B><%= html.html_escape(user.value.userid.label) %></B></TD> + <TD STYLE='border:none;' WIDTH='90%'><%= html.html_escape(user.value.userid.value) %></TD> </TR><TR> - <TD STYLE='border:none;'><B><%= user.value.username.label %></B></TD> - <TD STYLE='border:none;'><%= user.value.username.value %></TD> + <TD STYLE='border:none;'><B><%= html.html_escape(user.value.username.label) %></B></TD> + <TD STYLE='border:none;'><%= html.html_escape(user.value.username.value) %></TD> </TR><TR> - <TD STYLE='border:none;'><B><%= user.value.roles.label %></B></TD> - <TD STYLE='border:none;'><%= table.concat(user.value.roles.value, " / ") %></TD> + <TD STYLE='border:none;'><B><%= html.html_escape(user.value.roles.label) %></B></TD> + <TD STYLE='border:none;'><%= html.html_escape(table.concat(user.value.roles.value, " / ")) %></TD> </TR><TR> <TD STYLE='border:none;'><B>Option</B></TD> <TD STYLE='border:none;'> - [<A HREF='edituser?userid=<%= name %>&redir=<%= page_info.orig_action %>'>Edit this account</A>] - [<A 
HREF='deleteuser?userid=<%= name %>'>Delete this account</A>] - [<A HREF='<%= page_info.script %>/acf-util/roles/viewuserroles?userid=<%= name %>'>View roles for this account</A>] + [<A HREF='edituser?userid=<%= html.html_escape(name) %>&redir=<%= html.html_escape(page_info.orig_action) %>'>Edit this account</A>] + [<A HREF='deleteuser?userid=<%= html.html_escape(name) %>'>Delete this account</A>] + [<A HREF='<%= html.html_escape(page_info.script) %>/acf-util/roles/viewuserroles?userid=<%= html.html_escape(name) %>'>View roles for this account</A>] </TD> </TR> </TABLE></DD> diff --git a/app/acf-util/roles-editrole-html.lsp b/app/acf-util/roles-editrole-html.lsp index 1997a97..f243ecb 100644 --- a/app/acf-util/roles-editrole-html.lsp +++ b/app/acf-util/roles-editrole-html.lsp @@ -5,7 +5,7 @@ io.write(html.cfe_unpack(form)) --]] %> -<H1><%= form.label %></H1> +<H1><%= html.html_escape(form.label) %></H1> <% displayformstart(form, page_info) -- If editing existing role, disable role @@ -23,7 +23,7 @@ myitem.class = "error" io.write(' class="error"') end - io.write(">" .. myitem.label .. "</DT>\n") + io.write(">" .. html.html_escape(myitem.label) .. "</DT>\n") io.write("<DD>") -- FIXME multiple select doesn't work in haserl, so use series of checkboxes myitem.class = nil @@ -44,7 +44,7 @@ myitem.checked = reverseval[val] if reversedefault[val] then myitem.disabled = true else myitem.disabled = nil end myitem.name = tempname .. "." .. x - io.write(html.form.checkbox(myitem) .. val .. "<br>\n") + io.write(html.form.checkbox(myitem) .. html.html_escape(val) .. "<br>\n") end -- Check for values not in options if myitem.errtxt then @@ -55,7 +55,7 @@ if not reverseopt[val] then myitem.value = val myitem.checked = true - io.write(html.form.checkbox(myitem) .. val .. "<br>\n") + io.write(html.form.checkbox(myitem) .. html.html_escape(val) .. "<br>\n") end end if myitem.errtxt then 
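Review bot: The `<form action=...>` line in the password-status-html.lsp hunk is still emitted without `html.html_escape`, while the matching line in roles-viewroles-html.lsp is wrapped by this same commit; it should read `<form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller) %>/newuser" method="POST">`. Separately, `name` and `page_info.orig_action` are placed into query strings (`edituser?userid=...&redir=...`) with HTML escaping only, so a value containing `&`, `#` or `+` still alters the URL's parameters once the browser decodes the attribute; these values need percent-encoding before the HTML escape is applied. The links use single-quoted attributes and html.lua is not part of this view, so it should be confirmed that `html_escape` encodes `'` as well as `"`. The same query-string pattern appears in the roles-viewroles-html.lsp and status-html.lsp hunks.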
@@ -64,8 +64,8 @@ myitem.name = tempname myitem.value = tempval - if myitem.descr then io.write('<P CLASS="descr">' .. string.gsub(myitem.descr, "\n", "<BR>") .. "</P>\n") end - if myitem.errtxt then io.write('<P CLASS="error">' .. string.gsub(myitem.errtxt, "\n", "<BR>") .. "</P>\n") end + if myitem.descr then io.write('<P CLASS="descr">' .. string.gsub(html.html_escape(myitem.descr), "\n", "<BR>") .. "</P>\n") end + if myitem.errtxt then io.write('<P CLASS="error">' .. string.gsub(html.html_escape(myitem.errtxt), "\n", "<BR>") .. "</P>\n") end io.write("</DD>\n") io.write("</DL>\n") diff --git a/app/acf-util/roles-html.lsp b/app/acf-util/roles-html.lsp index 16e4747..d61e60a 100644 --- a/app/acf-util/roles-html.lsp +++ b/app/acf-util/roles-html.lsp @@ -5,17 +5,17 @@ <% ---[[ %> <% if view.value.userid then %> - <H1>Roles/Permission list for <%= view.value.userid.value %>:</H1> + <H1>Roles/Permission list for <%= html.html_escape(view.value.userid.value) %>:</H1> <% elseif view.value.role then %> - <H1>Permission list for <%= view.value.role.value %>:</H1> + <H1>Permission list for <%= html.html_escape(view.value.role.value) %>:</H1> <% else %> <H1>Complete permission list:</H1> <% end %> <% if view.value.roles then %> - <H2><%= view.value.userid.value %> is valid in these roles</H2> + <H2><%= html.html_escape(view.value.userid.value) %> is valid in these roles</H2> <% for a,b in pairs(view.value.roles.value) do - print("<li>",b,"</li>") + print("<li>",html.html_escape(b),"</li>") end %> <% end %> <% --]] %> 
@@ -23,9 +23,9 @@ <% ---[[ %> <% if view.value.permissions then %> <% if view.value.userid then %> - <H2><%= view.value.userid.value %>'s full permissions are</H2> + <H2><%= html.html_escape(view.value.userid.value) %>'s full permissions are</H2> <% elseif view.value.role then %> - <H2><%= view.value.role.value %>'s full permissions are</H2> + <H2><%= html.html_escape(view.value.role.value) %>'s full permissions are</H2> <% end %> <% local controllers = {} -- It's nice to have it in alphabetical order @@ -36,7 +36,7 @@ io.write("<TABLE>") io.write("<TR><TD CLASS='header'>Controller</TD><TD CLASS='header'>Action(s)</TD>") for x,cont in ipairs(controllers) do - print("<TR><TD STYLE='font-weight:bold;'>",cont,"</TD><TD>") + print("<TR><TD STYLE='font-weight:bold;'>",html.html_escape(cont),"</TD><TD>") -- Again, alphabetical order local actions = {} for act in pairs(view.value.permissions.value[cont]) do @@ -44,7 +44,7 @@ end table.sort(actions) for y,act in pairs(actions) do - print(act) + print(html.html_escape(act)) end io.write("<TD></TR>") end diff --git a/app/acf-util/roles-viewroles-html.lsp b/app/acf-util/roles-viewroles-html.lsp index 0334499..46fdfc2 100644 --- a/app/acf-util/roles-viewroles-html.lsp +++ b/app/acf-util/roles-viewroles-html.lsp @@ -9,8 +9,8 @@ <H1>Roles</H1> <H2>Create new role</H2> -<form action="<%= page_info.script .. page_info.prefix .. page_info.controller %>/newrole" method="POST"> -<input class="hidden" type="hidden" name="redir" value="<%= page_info.orig_action %>" > +<form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller) %>/newrole" method="POST"> +<input class="hidden" type="hidden" name="redir" value="<%= html.html_escape(page_info.orig_action) %>" > <dl><dt></dt><dd><input class="submit" type="submit" value="New Role"></dd></dl> </form> 
@@ -18,10 +18,10 @@ <% if view.value.default_roles then %> <dl> <% for x,role in pairs(view.value.default_roles.value) do %> - <dt><img src='/skins/static/tango/16x16/categories/applications-system.png' height='16' width='16'> <%= role %></dt> + <dt><img src='/skins/static/tango/16x16/categories/applications-system.png' height='16' width='16'> <%= html.html_escape(role) %></dt> <dd> - [<a href='viewroleperms?role=<%= role %>'>View this role</a>] - [<a href='editrole?role=<%= role %>&redir=<%= page_info.orig_action %>'>Edit this role</a>] + [<a href='viewroleperms?role=<%= html.html_escape(role) %>'>View this role</a>] + [<a href='editrole?role=<%= html.html_escape(role) %>&redir=<%= html.html_escape(page_info.orig_action) %>'>Edit this role</a>] </dd> <% end %> </dl> @@ -30,11 +30,11 @@ <dl> <% table.sort(view.value.defined_roles.value) %> <% for x,role in pairs(view.value.defined_roles.value) do %> - <dt><img src='/skins/static/tango/16x16/apps/system-users.png' height='16' width='16'> <%= role %></dt> + <dt><img src='/skins/static/tango/16x16/apps/system-users.png' height='16' width='16'> <%= html.html_escape(role) %></dt> <dd> - [<a href='viewroleperms?role=<%= role %>'>View this role</a>] - [<a href='editrole?role=<%= role %>&redir=<%= page_info.orig_action %>'>Edit this role</a>] - [<a href='deleterole?role=<%= role %>'>Delete this role</a>] + [<a href='viewroleperms?role=<%= html.html_escape(role) %>'>View this role</a>] + [<a href='editrole?role=<%= html.html_escape(role) %>&redir=<%= html.html_escape(page_info.orig_action) %>'>Edit this role</a>] + [<a href='deleterole?role=<%= html.html_escape(role) %>'>Delete this role</a>] </dd> <% end %> </dl> diff --git a/app/dispatcherror-html.lsp b/app/dispatcherror-html.lsp index ce6b5c8..82f873f 100644 --- a/app/dispatcherror-html.lsp +++ b/app/dispatcherror-html.lsp 
@@ -27,4 +27,4 @@ <h1>Alpine Configuration Framework</h1> <p class="errordetail">Dispatch error occured</p> -<p class="hiddendetail">'<%= view.controller %>' does not have a '<%= view.action %>' action.</p> +<p class="hiddendetail">'<%= html.html_escapt(view.controller) %>' does not have a '<%= html.html_escape(view.action) %>' action.</p> diff --git a/app/exception-html.lsp b/app/exception-html.lsp index 9b7a441..3bd6621 100644 --- a/app/exception-html.lsp +++ b/app/exception-html.lsp @@ -27,4 +27,4 @@ <h1>Alpine Configuration Framework</h1> <p class="errordetail">Application error occured</p> -<p class="hiddendetail"><%= view.message %></p> +<p class="hiddendetail"><%= html.html_escape(view.message) %></p> diff --git a/app/filedetails-html.lsp b/app/filedetails-html.lsp index ccf7a0c..59d0cdd 100644 --- a/app/filedetails-html.lsp +++ b/app/filedetails-html.lsp 
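Review bot: `html.html_escapt(view.controller)` on the new `hiddendetail` line of dispatcherror-html.lsp is a misspelling of `html.html_escape`; unless html.lua happens to define that name, the call hits a nil field and the dispatch-error page itself fails to render. The expression should be `<%= html.html_escape(view.controller) %>`, matching the `view.action` call on the same line. This template only runs when dispatch fails, so a request for a nonexistent controller or action is the case that exercises the line.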
@@ -20,13 +20,13 @@ displayitem(form.value.mtime) <% if form.type == "form" then %> <% form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action %> <% displayformstart(form) %> -<input type="hidden" name="filename" value="<%= form.value.filename.value %>"> +<input type="hidden" name="filename" value="<%= html.html_escape(form.value.filename.value) %>"> <% end %> <textarea name="filecontent"> <%= html.html_escape(form.value.filecontent.value) %> </textarea> -<% if form.value.filecontent.errtxt then %><P CLASS='error'><%= string.gsub(form.value.filecontent.errtxt, "\n", "<BR>") %></P><% end %> -<% if form.value.filecontent.descr then %><P CLASS='descr'><%= string.gsub(form.value.filecontent.descr, "\n", "<BR>") %></P><% end %> +<% if form.value.filecontent.errtxt then %><P CLASS='error'><%= string.gsub(html.html_escape(form.value.filecontent.errtxt), "\n", "<BR>") %></P><% end %> +<% if form.value.filecontent.descr then %><P CLASS='descr'><%= string.gsub(html.html_escape(form.value.filecontent.descr), "\n", "<BR>") %></P><% end %> <% if form.type == "form" then %> <H3>Save</H3> diff --git a/app/form-html.lsp b/app/form-html.lsp index de09780..cc50d2c 100644 --- a/app/form-html.lsp +++ b/app/form-html.lsp @@ -2,7 +2,7 @@ require("viewfunctions") %> -<H1><%= form.label %></H1> +<H1><%= html.html_escape(form.label) %></H1> <% form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action displayform(form) diff --git a/app/startstop-html.lsp b/app/startstop-html.lsp index cbe4d5f..ab9b8ac 100644 --- a/app/startstop-html.lsp +++ b/app/startstop-html.lsp 
@@ -2,7 +2,7 @@ <H1>Management</H1> <DL> -<form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action %>" method="POST"> +<form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action) %>" method="POST"> <DT>Program control-panel</DT> <DD> <input class="submit" type="submit" name="action" value="Start" <% if data.value.status.value== "Running" then io.write("disabled") end %>> @@ -15,9 +15,9 @@ <DT>Previous action result</DT> <DD> <% if data.value.result.value ~= "" then %> -<P CLASS='descr'><%= string.gsub(data.value.result.value, "\n", "<BR>") %></P> +<P CLASS='descr'><%= string.gsub(html.html_escape(data.value.result.value), "\n", "<BR>") %></P> <% end if data.value.result.errtxt then %> -<P CLASS='error'><%= string.gsub(data.value.result.errtxt, "\n", "<BR>") %></P> +<P CLASS='error'><%= string.gsub(html.html_escape(data.value.result.errtxt), "\n", "<BR>") %></P> <% end end %> </DD> </DL> diff --git a/app/status-html.lsp b/app/status-html.lsp index f1e4c5c..8bd53db 100644 --- a/app/status-html.lsp +++ b/app/status-html.lsp 
@@ -12,13 +12,13 @@ displayitem(data.value.status) displayitem(data.value.version) if data.value.version and data.value.version.errtxt and session.permissions.apk and session.permissions.apk.install then %> - <a href="<%= page_info.script .. "/apk-tools/apk/install?package="..data.value.version.name %>">Install</a> + <a href="<%= html.html_escape(page_info.script .. "/apk-tools/apk/install?package="..data.value.version.name) %>">Install</a> <% end displayitem(data.value.autostart) if not (data.value.version and data.value.version.errtxt) and data.value.autostart and data.value.autostart.errtxt and session.permissions.rc and session.permissions.rc.edit then %> - <a href="<%= page_info.script .. "/alpine-baselayout/rc/edit?servicename="..data.value.autostart.name.."&redir=".. page_info.orig_action %>">Schedule autostart</a> + <a href="<%= html.html_escape(page_info.script .. "/alpine-baselayout/rc/edit?servicename="..data.value.autostart.name.."&redir=".. page_info.orig_action) %>">Schedule autostart</a> <% end %> </DL> diff --git a/app/template-html.lsp b/app/template-html.lsp index 4cd4f4d..cf6054b 100644 --- a/app/template-html.lsp +++ b/app/template-html.lsp 
@@ -22,11 +22,11 @@ if viewlibrary and viewlibrary.dispatch_component then end end %> -<title><%= hostname .. " - " .. pageinfo.controller .. "->" .. pageinfo.action %></title> -<link rel="stylesheet" type="text/css" href="<%= pageinfo.skindir %>static/reset.css"> -<link rel="stylesheet" type="text/css" href="<%= pageinfo.skindir .. pageinfo.skin.."/"..pageinfo.skin..".css" %>"> +<title><%= html.html_escape(hostname .. " - " .. pageinfo.controller .. "->" .. pageinfo.action) %></title> +<link rel="stylesheet" type="text/css" href="<%= html.html_escape(pageinfo.skindir) %>static/reset.css"> +<link rel="stylesheet" type="text/css" href="<%= html.html_escape(pageinfo.skindir .. pageinfo.skin.."/"..pageinfo.skin..".css") %>"> <!--[if IE]> -<link rel="stylesheet" type="text/css" href="<%= pageinfo.skindir .. pageinfo.skin.."/"..pageinfo.skin.."-ie.css" %>"> +<link rel="stylesheet" type="text/css" href="<%= html.html_escape(pageinfo.skindir .. pageinfo.skin.."/"..pageinfo.skin.."-ie.css") %>"> <![endif]--> </head> <body> @@ -39,7 +39,7 @@ end <div id="logo"> <div class="leader"></div> <h1>AlpineLinux</h1> - <p><%= hostname or "unknown hostname" %></p> + <p><%= html.html_escape(hostname or "unknown hostname") %></p> <div class="tailer"></div> </div> <span class="mute"> @@ -47,9 +47,9 @@ end <% local ctlr = pageinfo.script .. "/acf-util/logon/" if session.userinfo and session.userinfo.userid then - io.write ( string.format("\t\t\t\t\t\t<a href=\"%s\">Log out as '" .. session.userinfo.userid .. "'</a>\n", ctlr .. "logout" ) ) + io.write ( string.format("\t\t\t\t\t\t<a href=\"%s\">Log out as '" .. html.html_escape(session.userinfo.userid) .. "'</a>\n", html.html_escape(ctlr) .. "logout" ) ) else - io.write ( string.format("\t\t\t\t\t\t<a href=\"%s\">Log in</a>\n", ctlr .. "logon" ) ) + io.write ( string.format("\t\t\t\t\t\t<a href=\"%s\">Log in</a>\n", html.html_escape(ctlr) .. "logon" ) ) end %> | <a href="/">home</a> | 
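Review bot: In the `Log out as` line of the `-47,9` hunk, the escaped `session.userinfo.userid` is concatenated into the `string.format` format string instead of being passed as an argument, so a userid containing `%` is read as a format directive and can raise an error or garble the link. HTML escaping does not neutralise `%`, so the value should go through a `%s` slot: `string.format("\t\t\t\t\t\t<a href=\"%s\">Log out as '%s'</a>\n", html.html_escape(ctlr) .. "logout", html.html_escape(session.userinfo.userid))`.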
@@ -72,7 +72,7 @@ end local tabs io.write ( "<ul>") for x,cat in ipairs(session.menu.cats) do - io.write (string.format("\n\t\t\t\t<li>%s\n\t\t\t\t\t<ul>\n", cat.name)) --start row + io.write (string.format("\n\t\t\t\t<li>%s\n\t\t\t\t\t<ul>\n", html.html_escape(cat.name))) --start row for y,group in ipairs(cat.groups) do if pageinfo.prefix == group.prefix .. '/' and pageinfo.controller == group.controller then class="class='selected'" @@ -81,7 +81,7 @@ end class="" end io.write (string.format("\t\t\t\t\t\t<li %s><a href=\"%s%s/%s/%s\">%s</a></li>\n", - class,pageinfo.script,group.prefix, group.controller, group.tabs[1].action, group.name )) + html.html_escape(class),html.html_escape(pageinfo.script),html.html_escape(group.prefix), html.html_escape(group.controller), html.html_escape(group.tabs[1].action), html.html_escape(group.name) )) end io.write ( "\t\t\t\t\t</ul>" ) end @@ -96,7 +96,7 @@ end <div id="postnav"> <div class="leader"> </div> - <h2><%= pageinfo.controller %> : <%= pageinfo.action %></h2> + <h2><%= html.html_escape(pageinfo.controller) %> : <%= html.html_escape(pageinfo.action) %></h2> <!-- FIXME: Next row is 'dead' data! Remove 'class=hide' when done! --> <p class='hide'>[ welcome ] > [ login ] > [ bgp ] > [ firewall ] > [ content filter ] > [ interfaces ]</p> <div class="tailer"> @@ -119,7 +119,7 @@ end class="" end io.write (string.format('<li %s><a %s href="%s">%s</a></li>\n', - class,class,tab.action,tab.name )) + html.html_escape(class),html.html_escape(class),html.html_escape(tab.action),html.html_escape(tab.name) )) end %> </ul> @@ -144,7 +144,7 @@ end <div id="footer"> <div class="leader"> </div> - <p>Page generated in <%= os.clock() %> seconds on <%= os.date() %>.</p> + <p>Page generated in <%= html.html_escape(os.clock()) %> seconds on <%= html.html_escape(os.date()) %>.</p> <div class="tailer"> </div> </div> <!-- footer --> |
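Review bot: `html.html_escape(class)` in the two `string.format` calls (the menu `<li %s>` in the `-81,7` hunk and the tab `<li %s><a %s href=...>` in the `-119,7` hunk) escapes template-generated markup, not data: `class` is assigned the literal `class='selected'` or `""` just above. If `html_escape` encodes single quotes (html.lua is not shown here), the attribute is emitted with entity-encoded quotes and the selected styling is lost; if it does not, the call is a no-op. Pass `class` through unescaped and keep the escape on the data arguments, e.g. `class,html.html_escape(pageinfo.script),html.html_escape(group.prefix), ...`. The `for` loops containing these lines begin outside both hunks.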