projects / catagits/Catalyst-Manual.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw (parent: 583938b)
RT #62095: prevent XSS
Lars Dɪᴇᴄᴋᴏᴡ 迪拉斯 [Tue, 15 Feb 2011 15:02:35 +0000 (16:02 +0100)]
https://rt.cpan.org/Ticket/Display.html?id=62095

lib/Catalyst/Manual/Tutorial/04_BasicCRUD.pod patch | blob | blame | history

diff --git a/lib/Catalyst/Manual/Tutorial/04_BasicCRUD.pod b/lib/Catalyst/Manual/Tutorial/04_BasicCRUD.pod
index f7f5f1b..50f1be4 100644 (file)
--- a/lib/Catalyst/Manual/Tutorial/04_BasicCRUD.pod
+++ b/lib/Catalyst/Manual/Tutorial/04_BasicCRUD.pod
@@ -886,7 +886,7 @@ query parameter:
     ...
     <div id="content">
         [%# Status and error messages %]
-        <span class="message">[% status_msg || c.request.params.status_msg %]</span>
+        <span class="message">[% status_msg || c.request.params.status_msg | html %]</span>
         <span class="error">[% error_msg %]</span>
         [%# This is where TT will stick all of your template's contents. -%]
         [% content %]
Unnamed repository; edit this file 'description' to name the repository.