wrap pretty much all freemarker variables (i.e the data) in encodeHTML(data..). this...

[mir.git] / templates-dist / admin / fileeditlist.template

diff --git a/templates-dist/admin/fileeditlist.template b/templates-dist/admin/fileeditlist.template
index d52131c..5c7798d 100755 (executable)
--- a/templates-dist/admin/fileeditlist.template
+++ b/templates-dist/admin/fileeditlist.template
@@ -22,8 +22,8 @@
         <tr
         <if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if>
         >
-                <td>${entry}&nbsp;</td>
-                <td><font size="1"><a href="${config.actionRoot}?module=FileEdit&do=edit&filename=${entry}">${lang("edit")}</a></font></td>
+                <td>${encodeHTML(entry)}&nbsp;</td>
+                <td><font size="1"><a href="${encodeHTML(config.actionRoot)}?module=FileEdit&do=edit&filename=${encodeHTML(entry)}">${lang("edit")}</a></font></td>
         </tr>
   </list>