[Zope-Checkins] CVS: Zope/lib/python/Products/ZGadflyDA/dtml - tables.dtml:1.2.212.1

Florent Guillaume fg@nuxeo.com
Sun, 22 Dec 2002 11:16:47 -0500


Update of /cvs-repository/Zope/lib/python/Products/ZGadflyDA/dtml
In directory cvs.zope.org:/tmp/cvs-serv2325/lib/python/Products/ZGadflyDA/dtml

Modified Files:
      Tag: Zope-2_6-branch
	tables.dtml 
Log Message:
Fixed insufficient quoting in a number of DTML files when displaying
the title. This closes some actual and potential XSS holes. (Collector #595)


=== Zope/lib/python/Products/ZGadflyDA/dtml/tables.dtml 1.2 => 1.2.212.1 ===
--- Zope/lib/python/Products/ZGadflyDA/dtml/tables.dtml:1.2	Mon Jan  8 17:47:04 2001
+++ Zope/lib/python/Products/ZGadflyDA/dtml/tables.dtml	Sun Dec 22 11:16:16 2002
@@ -1,10 +1,10 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
 <html lang="en">
-  <head><title><dtml-var title_or_id> tables</title></head>
+  <head><title>&dtml-title_or_id; tables</title></head>
   <body bgcolor="#FFFFFF" link="#000099" vlink="#555555" alink="#77003B">
     <dtml-var manage_tabs>
     
-    <h2><dtml-var title_or_id> tables</h2>
+    <h2>&dtml-title_or_id; tables</h2>
     
     <form action="manage_wizard" method="POST">
       <table cellspacing="2">
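Review bot: In both changed lines (the `<title>` and the `<h2>`), the escaping now depends on the implicit HTML quoting of the `&dtml-title_or_id;` entity form, which is easy for a later editor to undo by switching back to `<dtml-var title_or_id>` without noticing the difference. Consider the explicit `<dtml-var title_or_id html_quote>` form, or a short DTML comment at the top of the template saying that the title must stay quoted. The unchanged `<dtml-var manage_tabs>` line is left unquoted, which looks intended since it emits markup. The template below the `<form>` and `<table>` context lines is outside this hunk, so any other insertions of user-editable values further down cannot be checked from what is shown here.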