From 49c4e1a56043c1c3140abc4b982c0e10275ea2a4 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Fri, 14 Dec 2007 10:00:41 +0000
Subject: [PATCH] Status template: Escape output of attributes.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@108 44740490-163a-0410-bde0-09ae8108e29a
---
 templates/default/en/status.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/templates/default/en/status.php b/templates/default/en/status.php
index 6f675499a..e38885d7a 100644
--- a/templates/default/en/status.php
+++ b/templates/default/en/status.php
@@ -21,13 +21,13 @@
 			$attributes = $data['attributes'];
 			foreach ($attributes AS $name => $value) {
 				if (sizeof($value) > 1) {
-					echo '<tr><td>' . $name . '</td><td><ul>';
+					echo '<tr><td>' . htmlspecialchars($name) . '</td><td><ul>';
 					foreach ($value AS $v) {
-						echo '<li>' . $v . '</li>';
+						echo '<li>' . htmlspecialchars($v) . '</li>';
 					}
 					echo '</ul></td></tr>';
 				} else {
-					echo '<tr><td>' . $name . '</td><td>' . $value[0] . '</td></tr>';
+					echo '<tr><td>' . htmlspecialchars($name) . '</td><td>' . htmlspecialchars($value[0]) . '</td></tr>';
 				}
 			}
 			
-- 
GitLab