Attribut "name" HTML-escapen.

author Moritz Bunkus <m.bunkus@linet-services.de>

Fri, 26 Sep 2008 08:28:48 +0000 (08:28 +0000)

committer Moritz Bunkus <m.bunkus@linet-services.de>

Fri, 26 Sep 2008 08:28:48 +0000 (08:28 +0000)
author Moritz Bunkus <m.bunkus@linet-services.de>
Fri, 26 Sep 2008 08:28:48 +0000 (08:28 +0000)
committer Moritz Bunkus <m.bunkus@linet-services.de>
Fri, 26 Sep 2008 08:28:48 +0000 (08:28 +0000)
diff --git a/templates/webpages/ct/form_header_de.html b/templates/webpages/ct/form_header_de.html

index 6102f12..f93de8c 100644 (file)
--- a/templates/webpages/ct/form_header_de.html
+++ b/templates/webpages/ct/form_header_de.html
@@ -47,7 +47,7 @@
  
       <tr>
        <th align="right" nowrap>Firmenname</th>
-      <td><input name="name" size="35" maxlength="75" value="[% name %]"></td>
+      <td><input name="name" size="35" maxlength="75" value="[% HTML.escape(name) %]"></td>
       </tr>
  
       <tr>
diff --git a/templates/webpages/ct/form_header_master.html b/templates/webpages/ct/form_header_master.html

index 9c81380..ef278a3 100644 (file)
--- a/templates/webpages/ct/form_header_master.html
+++ b/templates/webpages/ct/form_header_master.html
@@ -47,7 +47,7 @@
  
       <tr>
        <th align="right" nowrap><translate>Company Name</translate></th>
-      <td><input name="name" size="35" maxlength="75" value="[% name %]"></td>
+      <td><input name="name" size="35" maxlength="75" value="[% HTML.escape(name) %]"></td>
       </tr>
  
       <tr>
author	Moritz Bunkus <m.bunkus@linet-services.de>
	Fri, 26 Sep 2008 08:28:48 +0000 (08:28 +0000)
committer	Moritz Bunkus <m.bunkus@linet-services.de>
	Fri, 26 Sep 2008 08:28:48 +0000 (08:28 +0000)
templates/webpages/ct/form_header_de.html		patch \| blob \| history
templates/webpages/ct/form_header_master.html		patch \| blob \| history