]> git.phdru.name Git - m_librarian.git/blobdiff - m_librarian/web/views/books_by_author.tmpl
projects / m_librarian.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix(web): Escape attributes values and texts
[m_librarian.git] / m_librarian / web / views / books_by_author.tmpl
diff --git a/m_librarian/web/views/books_by_author.tmpl b/m_librarian/web/views/books_by_author.tmpl
index 96897e97c6876464d937a514878f7801236e5e3b..668e4453b079cf764b78c3e7e1a529b0531386b0 100644 (file)
--- a/m_librarian/web/views/books_by_author.tmpl
+++ b/m_librarian/web/views/books_by_author.tmpl
@@ -1,4 +1,5 @@
 #encoding utf-8
+#import cgi
 #extends views.layout
 #attr $title = 'Список книг автора'
 #def body
@@ -16,13 +17,13 @@
   #set $series = $book.series
   <optgroup label="#slurp
   #if $book.series
-$series#slurp
+$cgi.escape($series, 1)#slurp
   #else
 Вне серий#slurp
   #end if
 ">
   #end if
-  <option value="$book.id">$book.ser_no $book.title</option>
+  <option value="$book.id">$book.ser_no $cgi.escape($book.title)</option>
   #end for
   </optgroup>
   </select>
Broytman Librarian for LibRusEc and Flibusta libraries