wrap pretty much all freemarker variables (i.e the data) in encodeHTML(data..). this...

[mir.git] / templates-dist / admin / head_nonavi.template

 <a name="top">
<table width="100%" cellspacing="0" cellpadding="0">
<tr bgcolor="#006600"><td><img src="${encodeHTML(config.docRoot)}/img/head_small.gif" border="0" align="middle">&nbsp;<font face="Verdana, Arial, Helvetica, sans-serif" size="-1" color="white">
        <b>${lang("imc.name")}</b></font></td></tr>
<if login_user><tr><td align="right"><font face="Verdana, Arial, Helvetica, sans-serif" size="-1" color="#006600">
        <b>${encodeHTML(login_user.login)}</b> ${lang("head.logged_in")} /
        <a href="${encodeHTML(actionRoot)}?module=logout">${lang("head.logout")}</a></font>
        </td></tr>
</if>
<tr><td><hr></td></tr>
</table>