Attribut "name" HTML-escapen.
authorMoritz Bunkus <m.bunkus@linet-services.de>
Fri, 26 Sep 2008 08:28:48 +0000 (08:28 +0000)
committerMoritz Bunkus <m.bunkus@linet-services.de>
Fri, 26 Sep 2008 08:28:48 +0000 (08:28 +0000)
templates/webpages/ct/form_header_de.html
templates/webpages/ct/form_header_master.html

index 6102f12..f93de8c 100644 (file)
@@ -47,7 +47,7 @@
 
      <tr>
       <th align="right" nowrap>Firmenname</th>
-      <td><input name="name" size="35" maxlength="75" value="[% name %]"></td>
+      <td><input name="name" size="35" maxlength="75" value="[% HTML.escape(name) %]"></td>
      </tr>
 
      <tr>
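Review bot: The new `value="[% HTML.escape(name) %]"` relies on the Template Toolkit HTML plugin being loaded, and no `[% USE HTML %]` appears in this hunk or in the identical hunk of the second template. Confirm the directive sits earlier in both files; without it the expression would most likely render as an empty value rather than the escaped name. Only the `name` input is changed here, and the rest of the form lies outside both hunks, so any other field that still interpolates a raw `[% field %]` into a double-quoted attribute needs the same escaping. A template comment near the top of the form, such as `[%# every value written into an attribute goes through HTML.escape %]`, would keep later additions consistent.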
index 9c81380..ef278a3 100644 (file)
@@ -47,7 +47,7 @@
 
      <tr>
       <th align="right" nowrap><translate>Company Name</translate></th>
-      <td><input name="name" size="35" maxlength="75" value="[% name %]"></td>
+      <td><input name="name" size="35" maxlength="75" value="[% HTML.escape(name) %]"></td>
      </tr>
 
      <tr>