Commit 72a3e69b authored by Ted Trask's avatar Ted Trask

Modified html.lua and viewlibrary.lua and all html files to html_escape...

Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.

git-svn-id: svn://svn.alpinelinux.org/acf/ipsec-tools/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
parent cad10c9d
......@@ -9,7 +9,7 @@ io.write("</span>")
<% viewlibrary.dispatch_component("status") %>
<H2><%= data.label %></H2>
<H2><%= html.html_escape(data.label) %></H2>
<DL>
<%
if not data.value.show_isakmp or #data.value.show_isakmp.value == 0 then
......@@ -23,13 +23,13 @@ else
else
io.write("idle")
end
io.write(".png' width='16' height='16'> ".. entry.Destination.value .. "</H3>")
io.write(".png' width='16' height='16'> ".. html.html_escape(entry.Destination.value) .. "</H3>")
io.write("<TABLE>\n")
local tags = {"Created","Source","Destination", "St", "Phase2details"}
for j,tag in pairs(tags) do
io.write("<TR><TD STYLE='font-weight:bold;width:120px;border:none;'>" ..
(entry[tag].label or "") .. "</TD><TD STYLE='border:none;'>"..(entry[tag].value or ""))
if (entry[tag].descr) and (#entry[tag].descr > 0) then io.write(" (".. entry[tag].descr .. ")") end
html.html_escape(entry[tag].label) .. "</TD><TD STYLE='border:none;'>"..html.html_escape(entry[tag].value))
if (entry[tag].descr) and (#entry[tag].descr > 0) then io.write(" (".. html.html_escape(entry[tag].descr) .. ")") end
io.write("</TD></TR>")
end
io.write("</TABLE>")
......
......@@ -4,7 +4,7 @@
<% displaycommandresults({"deletecert"}, session) %>
<% displaycommandresults({"uploadcert"}, session, true) %>
<H1><%= view.label %></H1>
<H1><%= html.html_escape(view.label) %></H1>
<DL>
<TABLE>
......@@ -20,7 +20,7 @@
<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/viewcert?cert="..cert.."&redir="..page_info.orig_action, label="View "} %>
<% end %>
</TD>
<TD style="white-space:nowrap;"><%= cert %></TD>
<TD style="white-space:nowrap;"><%= html.html_escape(cert) %></TD>
</TR>
<% end %>
</TABLE>
......
......@@ -5,7 +5,7 @@
io.write(html.cfe_unpack(form))
--]] %>
<H1><%= form.label %></H1>
<H1><%= html.html_escape(form.label) %></H1>
<%
-- This is a kludge to get file upload working
form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action .. '" enctype="multipart/form-data'
......
......@@ -5,4 +5,4 @@ io.write(html.cfe_unpack(view))
--]] %>
<H1>Certificate Details</H1>
<pre><%= view.value.value %></pre>
<pre><%= html.html_escape(view.value.value) %></pre>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment