XSS: Filter Summary im DeliveryPlan richtig escapen.

author Sven Schöling <s.schoeling@linet-services.de>

Tue, 23 Jul 2013 09:34:49 +0000 (11:34 +0200)

committer Sven Schöling <s.schoeling@linet-services.de>

Tue, 23 Jul 2013 09:34:49 +0000 (11:34 +0200)
author Sven Schöling <s.schoeling@linet-services.de>
Tue, 23 Jul 2013 09:34:49 +0000 (11:34 +0200)
committer Sven Schöling <s.schoeling@linet-services.de>
Tue, 23 Jul 2013 09:34:49 +0000 (11:34 +0200)
diff --git a/templates/webpages/delivery_plan/_filter.html b/templates/webpages/delivery_plan/_filter.html

index 087e821..d537630 100644 (file)
--- a/templates/webpages/delivery_plan/_filter.html
+++ b/templates/webpages/delivery_plan/_filter.html
@@ -5,7 +5,7 @@
  <form action='controller.pl' method='post'>
  <div class='filter_toggle'>
  <a href='#' onClick='javascript:$(".filter_toggle").toggle()'>[% 'Show Filter' | $T8 %]</a>
-  [% SELF.filter_summary %]
+  [% SELF.filter_summary | html %]
  </div>
  <div class='filter_toggle' style='display:none'>
  <a href='#' onClick='javascript:$(".filter_toggle").toggle()'>[% 'Hide Filter' | $T8 %]</a>
author	Sven Schöling <s.schoeling@linet-services.de>
	Tue, 23 Jul 2013 09:34:49 +0000 (11:34 +0200)
committer	Sven Schöling <s.schoeling@linet-services.de>
	Tue, 23 Jul 2013 09:34:49 +0000 (11:34 +0200)