Author: snoopdave
Date: Fri Apr 13 08:00:52 2007
New Revision: 528514

URL: http://svn.apache.org/viewvc?view=rev&rev=528514
Log:
Adding HTML escape for comment textarea

Modified: roller/branches/roller_2.3/web/WEB-INF/classes/comments.vm Modified: roller/branches/roller_2.3/web/WEB-INF/classes/comments.vm URL: http://svn.apache.org/viewvc/roller/branches/roller_2.3/web/WEB-INF/classes/comments.vm?view=diff&rev=528514&r1=528513&r2=528514 ============================================================================== --- roller/branches/roller_2.3/web/WEB-INF/classes/comments.vm (original) +++ roller/branches/roller_2.3/web/WEB-INF/classes/comments.vm Fri Apr 13 08:00:52 2007 @@ -232,7 +232,7 @@ <tr><th style="text-align: left">$text.get( "macro.weblog.yourcomment" )</th></tr> <tr> <td> - <textarea name="content" cols="50" rows="10">$commentForm.content</textarea><br /> + <textarea name="content" cols="50" rows="10">$utilities.escapeHTML($commentForm.content)</textarea><br /> <span class="comments-syntax-indicator"> $text.get( "macro.weblog.htmlsyntax" ) #if( $escapeHtml )
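
Review bot: The changed `<textarea name="content" ...>` line escapes only `$commentForm.content`, so any other `$commentForm` value that comments.vm writes back into the form outside this hunk needs the same `$utilities.escapeHTML(...)` call, or the preview/redisplay path stays injectable through those fields. Please check the rest of the template for raw `$commentForm.*` output and fix it in the same revision. The escape is correctly placed outside the `#if( $escapeHtml )` block that follows, and it should stay unconditional: that setting concerns how comment HTML is treated, while text inside a textarea body must always be escaped so that a submitted `</textarea>` cannot close the element and inject markup. The log message would also be more useful to anyone tracking or backporting the fix if it said that this closes an HTML injection in the redisplayed comment form rather than only "Adding HTML escape".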