Enforce escaping on all template content

share/views/sidebar/report/ipinventory.tt

@@ -37,7 +37,7 @@
                     <select id="nd_mac-format" class="nd_side-select" name="limit">
                       [% FOREACH size IN [ '32', '64', '128', '256', '512', '1024', '2048', '4096', '8192' ] %]
                       <option[% ' selected="selected"' IF (params.limit == size OR (NOT params.limit AND size == 2048)) %]>
-                        [% size %]</option>
+                        [% size | html_entity %]</option>
                       [% END %]
                     </select>
                   </li>
@@ -55,6 +55,6 @@
               </div>
             </fieldset>
 
-            <button id="[% report.tag %]_submit" type="submit" class="btn btn-info">
+            <button id="[% report.tag | html_entity %]_submit" type="submit" class="btn btn-info">
              <i class="icon-search icon-large pull-left nd_navbar-icon"></i> Search IPs</button>
 

share/views/sidebar/report/moduleinventory.tt

@@ -74,5 +74,5 @@
               </label>
             </div>
             </fieldset>
-            <button id="[% tab.tag %]_submit" type="submit" class="btn btn-info">
+            <button id="[% tab.tag | html_entity %]_submit" type="submit" class="btn btn-info">
               <i class="icon-search icon-large pull-left nd_navbar-icon"></i> Search Modules</button>

share/views/sidebar/report/netbios.tt

@@ -14,6 +14,6 @@
               </select>
             </div>
 
-            <button id="[% report.tag %]_submit" type="submit" class="btn btn-info">
+            <button id="[% report.tag | html_entity %]_submit" type="submit" class="btn btn-info">
              <i class="icon-search icon-large pull-left nd_navbar-icon"></i> Search NetBIOS</button>
 

share/views/sidebar/report/nodesdiscovered.tt

@@ -48,5 +48,5 @@
                 <span class="nd_searchcheckbox uneditable-input">Match All Options</span>
               </label>
             </div>
-            <button id="[% tab.tag %]_submit" type="submit" class="btn btn-info">
+            <button id="[% tab.tag | html_entity %]_submit" type="submit" class="btn btn-info">
               <i class="icon-search icon-large pull-left nd_navbar-icon"></i> Search Nodes</button>

share/views/sidebar/report/nodevendor.tt

@@ -35,6 +35,6 @@
                 </div>
             </fieldset>
 
-            <button id="[% report.tag %]_submit" type="submit" class="btn btn-info">
+            <button id="[% report.tag | html_entity %]_submit" type="submit" class="btn btn-info">
              <i class="icon-search icon-large pull-left nd_navbar-icon"></i> Search Vendors</button>
 

share/views/sidebar/report/portmultinodes.tt

@@ -5,6 +5,6 @@
                 name="vlan" value="[% params.vlan | html_entity %]" type="text"
                 rel="tooltip" data-placement="left" data-offset="5" data-title="VLAN"/>
             </div>
-            <button id="[% tab.tag %]_submit" type="submit" class="btn btn-info">
+            <button id="[% tab.tag | html_entity %]_submit" type="submit" class="btn btn-info">
                 <i class="icon-search icon-large pull-left nd_navbar-icon"></i> Search Ports</button>
 

share/views/sidebar/report/portssid.tt

@@ -10,6 +10,6 @@
               </select>
             </div>
 
-            <button id="[% report.tag %]_submit" type="submit" class="btn btn-info">
+            <button id="[% report.tag | html_entity %]_submit" type="submit" class="btn btn-info">
              <i class="icon-search icon-large pull-left nd_navbar-icon"></i> Search SSID</button>
 

share/views/sidebar/report/portutilization.tt

@@ -4,16 +4,16 @@
               <em class="muted">Mark as Free if Down for:</em><br/>
               <select id="nd_days-select" name="age_num">
                 [% FOREACH count IN [1..31] %]
-                <option[% ' selected="selected"' IF vars.sidebar_defaults.report_portutilization.age_num == count %]>[% count %]</option>
+                <option[% ' selected="selected"' IF vars.sidebar_defaults.report_portutilization.age_num == count %]>[% count | html_entity %]</option>
                 [% END %]
               </select>
               <select id="nd_age-select" name="age_unit">
                 [% FOREACH unit IN [ 'days', 'weeks', 'months', 'years' ] %]
-                <option[% ' selected="selected"' IF vars.sidebar_defaults.report_portutilization.age_unit == unit %]>[% unit %]</option>
+                <option[% ' selected="selected"' IF vars.sidebar_defaults.report_portutilization.age_unit == unit %]>[% unit | html_entity %]</option>
                 [% END %]
               </select>
             </div>
 
-            <button id="[% report.tag %]_submit" type="submit" class="btn btn-info">
+            <button id="[% report.tag | html_entity %]_submit" type="submit" class="btn btn-info">
              <i class="icon-search icon-large pull-left nd_navbar-icon"></i> Run Report</button>
 

share/views/sidebar/report/subnets.tt

@@ -28,5 +28,5 @@
               </div>
             </fieldset>
 
-            <button id="[% report.tag %]_submit" type="submit" class="btn btn-info">
+            <button id="[% report.tag | html_entity %]_submit" type="submit" class="btn btn-info">
              <i class="icon-search icon-large pull-left nd_navbar-icon"></i> Search Subnets</button>