projects / kivitendo-erp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
XSS: Filter Summary im DeliveryPlan richtig escapen.
[kivitendo-erp.git] / templates / webpages / delivery_plan / _filter.html
diff --git a/templates/webpages/delivery_plan/_filter.html b/templates/webpages/delivery_plan/_filter.html
index 087e821..d537630 100644 (file)
--- a/templates/webpages/delivery_plan/_filter.html
+++ b/templates/webpages/delivery_plan/_filter.html
@@ -5,7 +5,7 @@
 <form action='controller.pl' method='post'>
 <div class='filter_toggle'>
 <a href='#' onClick='javascript:$(".filter_toggle").toggle()'>[% 'Show Filter' | $T8 %]</a>
-  [% SELF.filter_summary %]
+  [% SELF.filter_summary | html %]
 </div>
 <div class='filter_toggle' style='display:none'>
 <a href='#' onClick='javascript:$(".filter_toggle").toggle()'>[% 'Hide Filter' | $T8 %]</a>
Unnamed repository; edit this file 'description' to name the repository.