From: Ivan Kohler <ivan@freeside.biz>
Date: Thu, 10 Mar 2016 00:11:02 +0000 (-0800)
Subject: xss
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=b36492836515311a95609f3c23d5292eb95f435f

xss
---

diff --git a/httemplate/search/quotation.html b/httemplate/search/quotation.html
index 2eba71cb0..16affeb02 100755
--- a/httemplate/search/quotation.html
+++ b/httemplate/search/quotation.html
@@ -27,7 +27,7 @@
                          $prospect_main ? $prospect_main->name : '';
                        },
                    sub { my $cust_main = shift->cust_main;
-                         $cust_main ? $cust_main->name : '';
+                         $cust_main ? encode_entities($cust_main->name) : '';
                        },
                    'confidence',
                    sub { my $quot = shift;