URI and HTML escape template variables

2013-03-02 18:18:46 +00:00
parent 043eef9d4d
commit 8e9466b64f
19 changed files with 135 additions and 133 deletions
--- a/Netdisco/share/views/sidebar/search/node.tt
+++ b/Netdisco/share/views/sidebar/search/node.tt
@@ -1,6 +1,6 @@

            <p class="nd_sidebar_title"><em>Node Search Options</em></p>
-            <input name="q" value="[% params.q %]" type="hidden"/>
+            <input name="q" value="[% params.q | html_entity %]" type="hidden"/>
            <div class="clearfix input-prepend">
              <label class="add-on">
                <input type="checkbox" id="stamps"