From: Ivan Kohler <ivan@freeside.biz>
Date: Thu, 10 Nov 2016 19:40:07 +0000 (-0800)
Subject: xss
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=b97efa7ea7e8f10ea017f20a31ea48e7db8044e5

xss
---

diff --git a/httemplate/elements/table-tickets.html b/httemplate/elements/table-tickets.html
index bc02c7c4b..c63a55e56 100644
--- a/httemplate/elements/table-tickets.html
+++ b/httemplate/elements/table-tickets.html
@@ -53,7 +53,7 @@ View
     </TD>
   
     <TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
-      <A HREF=<%$href%>><% $ticket->{subject} %></A>
+      <A HREF=<%$href%>><% $ticket->{subject} |h %></A>
     </TD>
   
     <TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
@@ -65,7 +65,7 @@ View
     </TD>
   
     <TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
-      <% $ticket->{owner} %>
+      <% $ticket->{owner} |h %>
     </TD>
 
     <TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
@@ -80,12 +80,13 @@ View
       <% $ticket->{content}
            ? $ticket->{content}.' ('.$ticket->{priority}.')'
            : $ticket->{priority}
+         |h
       %>
     </TD>
 
 %   if ( $ss_priority ) {
     <TD ALIGN="right" CLASS="grid" BGCOLOR="<% $bgcolor %>">
-      <% $ticket->{"CF.{$ss_priority}"} %>
+      <% $ticket->{"CF.{$ss_priority}"} |h %>
     </TD>
 %   }
 %   if ( $object->isa('FS::cust_main') ) {