[Rt-commit] r17175 - in rt/3.8/trunk: share/html/Elements/CollectionAsTable

[sartak at bestpractical.com]

Author: sartak
Date: Thu Dec 11 18:32:32 2008
New Revision: 17175

Modified:
   rt/3.8/trunk/   (props changed)
   rt/3.8/trunk/share/html/Elements/CollectionAsTable/Header
   rt/3.8/trunk/share/html/Elements/CollectionAsTable/Row

Log:
 r77039 at onn:  sartak | 2008-12-11 18:32:22 -0500
 Escape align, style, and span in search results


Modified: rt/3.8/trunk/share/html/Elements/CollectionAsTable/Header
==============================================================================
--- rt/3.8/trunk/share/html/Elements/CollectionAsTable/Header	(original)
+++ rt/3.8/trunk/share/html/Elements/CollectionAsTable/Header	Thu Dec 11 18:32:32 2008
@@ -91,7 +91,8 @@
     $item += ($span || 1);
 
     $m->out('<th class="collection-as-table"');
-    $m->out(' colspan="' . $span . '"') if $span;
+    $m->out('colspan="' . $m->interp->apply_escapes($span  => 'h') . '"')
+        if $span;
     $m->out('>');
 
     $title =~ s/^__(.*)__$/$1/o;

Modified: rt/3.8/trunk/share/html/Elements/CollectionAsTable/Row
==============================================================================
--- rt/3.8/trunk/share/html/Elements/CollectionAsTable/Row	(original)
+++ rt/3.8/trunk/share/html/Elements/CollectionAsTable/Row	Thu Dec 11 18:32:32 2008
@@ -131,9 +131,14 @@
         }
         s/\n/<br \/>/gs for @out;
     }
-    $m->out( 'align="'   . $align . '"' ) if $align;
-    $m->out( 'style="'   . $style . '"' ) if $style;
-    $m->out( 'colspan="' . $span  . '"' ) if $span;
+
+    $m->out( 'align="'   . $m->interp->apply_escapes( $align => 'h' ) . '"' )
+        if $align;
+    $m->out( 'style="'   . $m->interp->apply_escapes( $style => 'h' ) . '"' )
+        if $style;
+    $m->out( 'colspan="' . $m->interp->apply_escapes( $span  => 'h' ) . '"' )
+        if $span;
+
     $m->out('>');
     $m->out(@out) if @out;
     $m->out( '</td>' . "\n" );