Enforce escaping on all template content

share/views/sidebar/device/netmap.tt

@@ -82,7 +82,7 @@
               rel="tooltip" data-placement="left" data-offset="5" data-title="Host Groups">
               [% FOREACH opt IN hgroup_list.pairs %]
               <option[% ' selected="selected"' IF hgroup_lkp.exists(opt.key) %]
-                value="[% opt.key %]">[% opt.value | html_entity %]</option>
+                value="[% opt.key | html_entity %]">[% opt.value | html_entity %]</option>
               [% END %]
             </select>
             [% END %]
@@ -92,7 +92,7 @@
               rel="tooltip" data-placement="left" data-offset="5" data-title="Device Locations">
               [% FOREACH loc IN lgroup_list %]
               <option[% ' selected="selected"' IF lgroup_lkp.exists(loc) %]
-                value="[% loc %]">[% loc | html_entity %]</option>
+                value="[% loc | html_entity %]">[% loc | html_entity %]</option>
               [% END %]
             </select>
             [% END %]
@@ -132,6 +132,6 @@
 
             </div>
 
-            <button id="[% tab.tag %]_submit" type="submit" class="btn btn-info">
+            <button id="[% tab.tag | html_entity %]_submit" type="submit" class="btn btn-info">
                 <i class="icon-pencil icon-large pull-left nd_navbar-icon"></i>
             Redraw Map</button>

share/views/sidebar/device/ports.tt

@@ -89,7 +89,7 @@
                     <em class="muted">MAC address format:</em><br/>
                     <select id="nd_mac-format" name="mac_format">
                       [% FOREACH format IN [ 'IEEE', 'Cisco', 'Microsoft', 'Sun' ] %]
-                      <option[% ' selected="selected"' IF vars.sidebar_defaults.device_ports.mac_format == format %]>[% format %]</option>
+                      <option[% ' selected="selected"' IF vars.sidebar_defaults.device_ports.mac_format == format %]>[% format | html_entity %]</option>
                       [% END %]
                     </select>
                   </li>
@@ -116,12 +116,12 @@
                     <em class="muted">Mark as Free if Down for:</em><br/>
                     <select id="nd_days-select" name="age_num">
                       [% FOREACH count IN [1..31] %]
-                      <option[% ' selected="selected"' IF vars.sidebar_defaults.device_ports.age_num == count %]>[% count %]</option>
+                      <option[% ' selected="selected"' IF vars.sidebar_defaults.device_ports.age_num == count %]>[% count | html_entity %]</option>
                       [% END %]
                     </select>
                     <select id="nd_age-select" name="age_unit">
                       [% FOREACH unit IN [ 'days', 'weeks', 'months', 'years' ] %]
-                      <option[% ' selected="selected"' IF vars.sidebar_defaults.device_ports.age_unit == unit %]>[% unit %]</option>
+                      <option[% ' selected="selected"' IF vars.sidebar_defaults.device_ports.age_unit == unit %]>[% unit | html_entity %]</option>
                       [% END %]
                     </select>
                   </li>
@@ -140,7 +140,7 @@
               </div>
             </div>
             <div class="btn-group">
-              <button id="[% tab.tag %]_submit" type="submit" class="btn btn-info nd_sidebar-btn-drop">
+              <button id="[% tab.tag | html_entity %]_submit" type="submit" class="btn btn-info nd_sidebar-btn-drop">
                 <i class="icon-search icon-large pull-left nd_navbar-icon"></i> Update View</button>
               <button class="btn btn-info dropdown-toggle nd_sidebar-btn-drop-drop" data-toggle="dropdown">
                 <span class="caret"></span>