From bd99372ef3a5e413d812888402b1bb15856c138f Mon Sep 17 00:00:00 2001
From: Ivan Kohler <ivan@freeside.biz>
Date: Tue, 26 Mar 2013 16:52:24 -0700
Subject: [PATCH] fix XSS

---
 httemplate/edit/bulk-part_pkg.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/httemplate/edit/bulk-part_pkg.html b/httemplate/edit/bulk-part_pkg.html
index 751bf7e5d..a1c6f0c9b 100644
--- a/httemplate/edit/bulk-part_pkg.html
+++ b/httemplate/edit/bulk-part_pkg.html
@@ -12,7 +12,7 @@
 The following packages will be changed:<BR>
 % foreach my $pkgpart (sort keys(%part_pkg)) {
 <INPUT TYPE="hidden" NAME="pkgpart" VALUE="<% $pkgpart %>">
-<% $part_pkg{$pkgpart}->pkg_comment %><BR>
+<% $part_pkg{$pkgpart}->pkg_comment |h %><BR>
 % }
 </DIV>
 <BR>
-- 
2.11.0