From: Ivan Kohler <ivan@freeside.biz>
Date: Fri, 5 Feb 2016 12:46:51 +0000 (-0800)
Subject: xss
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=3ded5e72c073b5291b02eff3131b74d834d27867

xss
---

diff --git a/httemplate/misc/confirm-address_standardize.html b/httemplate/misc/confirm-address_standardize.html
index 0a05c70bd..9d1a5c135 100644
--- a/httemplate/misc/confirm-address_standardize.html
+++ b/httemplate/misc/confirm-address_standardize.html
@@ -34,18 +34,18 @@ Confirm address standardization
   </TR>
   <TR>
 %     if ( $old{$pre.'company'} ) {
-    <TD><% $old{$pre.'company'} %></TD>
+    <TD><% $old{$pre.'company'} |h %></TD>
 %     }
   </TR>
   <TR>
-    <TD><% $old{$pre.'address1'} %></TD>
+    <TD><% $old{$pre.'address1'} |h %></TD>
     <TD ROWSPAN=3><FONT COLOR="#ff0000"><B><% $new{$pre.'error'} %></B></FONT></TD>
   </TR>
   <TR>
-    <TD><% $old{$pre.'address2'} %></TD>
+    <TD><% $old{$pre.'address2'} |h %></TD>
   </TR>
   <TR>
-    <TD><% $old{$pre.'city'} %>, <% $old{$pre.'state'} %>  <% $old{$pre.'zip'} %></TD>
+    <TD><% $old{$pre.'city'} |h %>, <% $old{$pre.'state'} |h %>  <% $old{$pre.'zip'} |h %></TD>
   </TR>
 %   } else { # not an error
 %     $rows++ if !$new{$pre.'addr_clean'};
@@ -68,21 +68,21 @@ Confirm address standardization
   <TR>
 %     if ( $old{$pre.'company'} ) {
   <TR>
-    <TD><% $old{$pre.'company'} %></TD>
-    <TD><% $new{$pre.'company'} %></TD>
+    <TD><% $old{$pre.'company'} |h %></TD>
+    <TD><% $new{$pre.'company'} |h %></TD>
   </TR>
 %     }
   <TR>
-    <TD><% $old{$pre.'address1'} %></TD>
-    <TD><% $new{$pre.'address1'} %></TD>
+    <TD><% $old{$pre.'address1'} |h %></TD>
+    <TD><% $new{$pre.'address1'} |h %></TD>
   </TR>
   <TR>
-    <TD><% $old{$pre.'address2'} %></TD>
-    <TD><% $new{$pre.'address2'} %></TD>
+    <TD><% $old{$pre.'address2'} |h %></TD>
+    <TD><% $new{$pre.'address2'} |h %></TD>
   </TR>
   <TR>
-    <TD><% $old{$pre.'city'} %>, <% $old{$pre.'state'} %>  <% $old{$pre.'zip'} %></TD>
-    <TD><% $new{$pre.'city'} %>, <% $new{$pre.'state'} %>  <% $new{$pre.'zip'} %></TD>
+    <TD><% $old{$pre.'city'} |h %>, <% $old{$pre.'state'} |h %>  <% $old{$pre.'zip'} |h %></TD>
+    <TD><% $new{$pre.'city'} |h %>, <% $new{$pre.'state'} |h %>  <% $new{$pre.'zip'} |h %></TD>
   </TR>
 
 %   } # if error
diff --git a/httemplate/misc/confirm-censustract.html b/httemplate/misc/confirm-censustract.html
index 024bc17c4..10ae91812 100644
--- a/httemplate/misc/confirm-censustract.html
+++ b/httemplate/misc/confirm-censustract.html
@@ -13,8 +13,8 @@ Census tract error
 Confirm census tract
 % }
 </B><BR>
-<% $location{address1} %> <% $location{address2} %><BR>
-<% $location{city} %>, <% $location{state} %> <% $location{zip} %><BR>
+<% $location{address1} |h %> <% $location{address2} |h %><BR>
+<% $location{city} |h %>, <% $location{state} |h %> <% $location{zip} |h %><BR>
 <BR>
 % my $querystring = "census_year=$year&latitude=".$cache->get('latitude').'&longitude='.$cache->get('longitude');
 <A HREF="http://maps.ffiec.gov/FFIECMapper/TGMapSrv.aspx?<% $querystring %>"