From b97efa7ea7e8f10ea017f20a31ea48e7db8044e5 Mon Sep 17 00:00:00 2001
From: Ivan Kohler <ivan@freeside.biz>
Date: Thu, 10 Nov 2016 11:40:07 -0800
Subject: [PATCH] xss

---
 httemplate/elements/table-tickets.html | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/httemplate/elements/table-tickets.html b/httemplate/elements/table-tickets.html
index bc02c7c4b..c63a55e56 100644
--- a/httemplate/elements/table-tickets.html
+++ b/httemplate/elements/table-tickets.html
@@ -53,7 +53,7 @@ View
     </TD>
   
     <TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
-      <A HREF=<%$href%>><% $ticket->{subject} %></A>
+      <A HREF=<%$href%>><% $ticket->{subject} |h %></A>
     </TD>
   
     <TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
@@ -65,7 +65,7 @@ View
     </TD>
   
     <TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
-      <% $ticket->{owner} %>
+      <% $ticket->{owner} |h %>
     </TD>
 
     <TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
@@ -80,12 +80,13 @@ View
       <% $ticket->{content}
            ? $ticket->{content}.' ('.$ticket->{priority}.')'
            : $ticket->{priority}
+         |h
       %>
     </TD>
 
 %   if ( $ss_priority ) {
     <TD ALIGN="right" CLASS="grid" BGCOLOR="<% $bgcolor %>">
-      <% $ticket->{"CF.{$ss_priority}"} %>
+      <% $ticket->{"CF.{$ss_priority}"} |h %>
     </TD>
 %   }
 %   if ( $object->isa('FS::cust_main') ) {
-- 
2.11.0