Adding "ESCAPE=HTML" to hidden input template variables in order to address bug 1919, "Form contents not escaped on login page"

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This commit is contained in:
Owen Leonard 2008-03-10 13:32:47 -05:00 committed by Joshua Ferraro
parent 1ce7cd7cbe
commit c55599974d

View file

@ -38,7 +38,7 @@
<!-- login prompt time--> <!-- login prompt time-->
<form action="<!-- TMPL_VAR NAME="url" -->" method="post" name="loginform" id="loginform"> <form action="<!-- TMPL_VAR NAME="url" -->" method="post" name="loginform" id="loginform">
<!-- TMPL_LOOP NAME="INPUTS" --> <!-- TMPL_LOOP NAME="INPUTS" -->
<input type="hidden" name="<!-- TMPL_VAR NAME="name" -->" value="<!-- TMPL_VAR NAME="value" -->" /> <input type="hidden" name="<!-- TMPL_VAR NAME="name" -->" value="<!-- TMPL_VAR NAME="value" ESCAPE="html" -->" />
<!-- /TMPL_LOOP --> <!-- /TMPL_LOOP -->
<p><label>Username:<br /> <p><label>Username:<br />
<input type="text" name="userid" id="userid" class="input focus" value="<!-- TMPL_VAR NAME="userid" -->" size="20" tabindex="1" /></label> <input type="text" name="userid" id="userid" class="input focus" value="<!-- TMPL_VAR NAME="userid" -->" size="20" tabindex="1" /></label>