From 9760cdc40e900328990e3c91a7ea99eb43d70c21 Mon Sep 17 00:00:00 2001
From: Christopher Burger <burgerc@freeside.biz>
Date: Fri, 30 Jun 2017 13:24:29 -0400
Subject: [PATCH] RT# 74666 - fixed vulnerability by escaping
 quotation_description var

---
 httemplate/view/quotation.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/httemplate/view/quotation.html b/httemplate/view/quotation.html
index aba1f0ab3..d4d79d72c 100755
--- a/httemplate/view/quotation.html
+++ b/httemplate/view/quotation.html
@@ -2,7 +2,7 @@
 <& /elements/header-cust_main.html, view=>'quotations', custnum=>$quotation->custnum &>
 <h2>Quotation #<% $quotationnum %>
 % if ($quotation->quotation_description) {
-(<% $quotation->quotation_description %>)  
+(<% $quotation->quotation_description |h %>)  
 % } 
 </h2>
 % } else { #eventually, header-prospect_main.html
-- 
2.11.0