From: Ivan Kohler
Date: Tue, 18 Jun 2013 22:26:26 +0000 (-0700)
Subject: fix XSS
X-Git-Url: http://git.freeside.biz/gitweb/?a=commitdiff_plain;h=28de2695cb889d0dc3d1b3425582f069643edcd9;p=freeside.git
fix XSS
---
diff --git a/httemplate/view/elements/svc_Common.html b/httemplate/view/elements/svc_Common.html
index de01c3d55..2d1201b51 100644
--- a/httemplate/view/elements/svc_Common.html
+++ b/httemplate/view/elements/svc_Common.html
@@ -63,11 +63,13 @@ function areyousure(href) {
 % if ( ref($f) ) {
 % $field = $f->{'field'};
 % $hack_strict_refs = \&{ $f->{'value'} } if $f->{'value'};
-% $value = $f->{'value'} ? &$hack_strict_refs($svc_x) : $svc_x->$field;
+% $value = $f->{'value'}
+% ? &$hack_strict_refs($svc_x)
+% : encode_entities($svc_x->$field);
 % $type = $f->{'type'} || 'text';
 % } else {
 % $field = $f;
-% $value = $svc_x->$field;
+% $value = encode_entities($svc_x->$field);
 % $type = 'text';
 % }
 %
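Review bot: The callback arm `? &$hack_strict_refs($svc_x)` still reaches `$value` unencoded, so any `value` coderef that returns service data without escaping it remains an XSS path after this fix; only the plain `$svc_x->$field` reads in the two arms now go through `encode_entities`. If callbacks are meant to return markup, that contract should be written down where the branch is taken, for example `% # 'value' callbacks return HTML and must encode_entities() any service data themselves`. The place where `$value` is emitted is outside this hunk, so it is worth confirming that it is only used in HTML text context and is not entity-encoded a second time there.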