diff --git a/share/templates/helpers/pref_table.tt b/share/templates/helpers/pref_table.tt
index 6cf9894e8f..6b7e33c589 100644
--- a/share/templates/helpers/pref_table.tt
+++ b/share/templates/helpers/pref_table.tt
@@ -57,7 +57,7 @@
}); return false;">
[% UNLESS c.user.roles == 'subscriber' || c.user.roles == 'subscriberadmin' -%]
-
[% r.attribute %] |
+ [% r.attribute | html %] |
[% END -%]
[% c.loc(r.label||" ") %]
@@ -67,72 +67,72 @@
[% ELSIF r.attribute == "cdr_export_sclidui_rwrs" -%]
[% ELSIF r.attribute == "header_rule_set" -%]
[% ELSIF r.attribute == "ncos" -%]
[% ELSIF r.attribute == "adm_ncos" -%]
[% ELSIF r.attribute == "adm_cf_ncos" -%]
[% ELSIF r.attribute == "emergency_mapping_container" -%]
[% ELSIF r.attribute == "sound_set" -%]
[% ELSIF r.attribute == "contract_sound_set" -%]
[% ELSIF r.attribute == "allowed_ips" -%]
[% FOR ipnet IN r.allowed_ips_rs.all -%]
- [% ipnet.ipnet -%]
+ [% ipnet.ipnet | html -%]
[% END -%]
[% ELSIF r.attribute == "man_allowed_ips" -%]
[% FOR ipnet IN r.man_allowed_ips_rs.all -%]
- [% ipnet.ipnet -%]
+ [% ipnet.ipnet | html -%]
[% END -%]
[% ELSIF r.data_type == "boolean" %]
@@ -140,13 +140,13 @@
[% IF r.value %]checked="checked"[% END %]/>
[% ELSIF r.data_type == "string" || r.data_type == "int" %]
[% IF r.max_occur == 1 %]
- [% r.value %]
+ [% r.value | html %]
[% ELSE %]
[% FOR value IN r.value -%]
[% IF value.substr(0,1) == '#' -%]
- [% value.substr(1) %]
+ [% value.substr(1) | html %]
[% ELSE -%]
- [% value %]
+ [% value | html %]
[% END -%]
[% END %]
@@ -154,7 +154,7 @@
[% ELSIF r.data_type == "enum" %]
[% END %]
diff --git a/share/templates/subscriber/preferences.tt b/share/templates/subscriber/preferences.tt
index 74ed9a5f63..fa30191e9a 100644
--- a/share/templates/subscriber/preferences.tt
+++ b/share/templates/subscriber/preferences.tt
@@ -137,13 +137,14 @@ $( document ).ready(function() {
always
[% jdx = jdx + 1 %]
[% ELSE -%]
- [% maps.tset_name -%]
+ [% escaped_tset_name = maps.tset_name | html -%]
+ [% escaped_tset_name -%]
[% tset_unique_id = cf.type _ idx _ jdx _ maps.id -%]
- [% modal_header_dynamic(m.header = c.loc('Timeset "[_1]" Details', maps.tset_name), m.id=tset_unique_id) %]
+ [% modal_header_dynamic(m.header = c.loc('Timeset "[_1]" Details', escaped_tset_name), m.id=tset_unique_id) %]
[% FOR p IN maps.periods -%]
- [% p.as_string %]
+ [% p.as_string | html %]
[% END -%]
[% modal_footer() %]
@@ -161,13 +162,13 @@ $( document ).ready(function() {
[% c.loc('all sources'); %]
[% jdx = jdx + 1 %]
[% ELSE -%]
- [% maps.sset_name -%] ([% maps.sset_mode -%])
+ [% maps.sset_name | html -%] ([% maps.sset_mode -%])
[% sset_unique_id = cf.type _ idx _ jdx _ maps.id _ 's' -%]
[% modal_header_dynamic(m.header = c.loc('Sourceset "[_1]" Details', maps.sset_name), m.id=sset_unique_id) %]
[% FOR s IN maps.sources -%]
- [% s.as_string %]
+ [% s.as_string | html %]
[% END -%]
[% modal_footer() %]
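Review bot: The `modal_header_dynamic(...)` call in this hunk still receives the raw `maps.sset_name`, although the same name is now filtered where it is printed one line above. The timeset, B-number and destination-set hunks all pass an escaped copy into their headers. To match them, assign `[% escaped_sset_name = maps.sset_name | html -%]` and use `escaped_sset_name` both on the display line and in `c.loc('Sourceset "[_1]" Details', escaped_sset_name)`. `maps.sset_mode` is also left unfiltered; if it is not a fixed enumeration it needs the same treatment. The enclosing ELSE branch starts and ends outside the hunk.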
@@ -186,13 +187,14 @@ $( document ).ready(function() {
[% c.loc('any number'); %]
[% jdx = jdx + 1 %]
[% ELSE -%]
- [% maps.bset_name -%] ([% maps.bset_mode -%])
+ [% escaped_bset_name = maps.bset_name | html -%]
+ [% escaped_bset_name -%] ([% maps.bset_mode -%])
[% bset_unique_id = cf.type _ idx _ '-' _ jdx _ '-' _ maps.id _ 'b' -%]
- [% modal_header_dynamic(m.header = c.loc('B-Number Set "[_1]" Details', maps.bset_name), m.id=bset_unique_id) %]
+ [% modal_header_dynamic(m.header = c.loc('B-Number Set "[_1]" Details', escaped_bset_name), m.id=bset_unique_id) %]
[% FOR s IN maps.bnumbers -%]
- [% s.as_string %]
+ [% s.as_string | html %]
[% END -%]
[% modal_footer() %]
@@ -209,17 +211,22 @@ $( document ).ready(function() {
[% idx = 0 -%]
[% FOR maps IN cf_destinations.${cf.type} -%]
[% IF maps.dset_name.search('^quickset_') && maps.destinations.size == 1 %]
+ [% FILTER html -%]
[% PROCESS print_destination d=maps.destinations.0; -%]
+ [% END -%]
[% ELSE %]
[% jdx = 0 -%]
- [% maps.dset_name -%]
+ [% escaped_dset_name = maps.dset_name | html -%]
+ [% escaped_dset_name -%]
[% dset_unique_id = cf.type _ "dset" _ idx _ jdx _ maps.id -%]
- [% modal_header_dynamic(m.header = c.loc('Destination Set "[_1]" Details', maps.dset_name), m.id=dset_unique_id) %]
+ [% modal_header_dynamic(m.header = c.loc('Destination Set "[_1]" Details', escaped_dset_name), m.id=dset_unique_id) %]
[% FOR d IN maps.destinations -%]
+ [% FILTER html -%]
[% PROCESS print_destination d=d; %]
+ [% END -%]
[% jdx = jdx + 1 -%]
[% END -%]
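Review bot: Wrapping `PROCESS print_destination` in `FILTER html` at both call sites escapes everything the block emits, including any markup it produces itself, and leaves any other caller of `print_destination` unfiltered. The block is defined outside this diff, so neither can be confirmed from here. If it only prints destination fields, applying `| html` to those fields inside the block would cover every caller in one place. If the call-site filter stays, a comment such as `[%# print_destination emits plain text only; escaped at the call site %]` would record the assumption.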
@@ -275,7 +282,7 @@ $( document ).ready(function() {
|
[% c.loc('PIN') %] |
- [% subscriber.provisioning_voip_subscriber.voicemail_user.password %]
+ [% subscriber.provisioning_voip_subscriber.voicemail_user.password | html %]
|
@@ -289,7 +296,7 @@ $( document ).ready(function() {
[% c.loc('Email') %] |
- [% subscriber.provisioning_voip_subscriber.voicemail_user.email %]
+ [% subscriber.provisioning_voip_subscriber.voicemail_user.email | html %]
|
@@ -332,7 +339,7 @@ $( document ).ready(function() {
[% c.loc('SMS Number') %] |
- [% subscriber.provisioning_voip_subscriber.voicemail_user.pager %]
+ [% subscriber.provisioning_voip_subscriber.voicemail_user.pager | html %]
|
@@ -409,7 +416,7 @@ $( document ).ready(function() {
[% c.loc('Name in Fax Header for Sendfax') %] |
- [% faxpref.name %]
+ [% faxpref.name | html %]
|
@@ -442,7 +449,9 @@ $( document ).ready(function() {
[% c.loc('Destinations') %] |
[% FOR faxdest IN faxdests -%]
+ [% FILTER html -%]
[% c.loc('[_1] as [_2]', faxdest.destination, faxdest.filetype) %]
+ [% END -%]
[% END -%]
|
@@ -524,7 +533,7 @@ $( document ).ready(function() {
|
[% c.loc('Secret Key (empty=disabled)') %] |
- [% mtf_pref.secret_key %]
+ [% mtf_pref.secret_key | html %]
|
@@ -565,7 +574,7 @@ $( document ).ready(function() {
| [% c.loc('Secret Key Renew Notify') %] |
[% FOR notify_email IN mtf_secret_renew_notify -%]
- [% notify_email.destination %]
+ [% notify_email.destination | html %]
[% END -%]
|
@@ -583,7 +592,7 @@ $( document ).ready(function() {
| [% c.loc('ACL') %] |
[% FOR acl IN mtf_acl -%]
- [% acl.use_regex ? c.loc('regex') : '' %] [% c.loc('from_email') %] [% acl.from_email ? acl.from_email : c.loc('any') %] [% c.loc('and') %] [% c.loc('received_from') %] [% acl.received_from ? acl.received_from : c.loc('any') %] [% c.loc('to') %] [% acl.destination ? acl.destination : c.loc('any') %] [% c.loc('destination') %]
+ [% acl.use_regex ? c.loc('regex') : '' %] [% c.loc('from_email') | html %] [% acl.from_email ? acl.from_email : c.loc('any') | html %] [% c.loc('and') %] [% c.loc('received_from') | html %] [% acl.received_from ? acl.received_from : c.loc('any') | html %] [% c.loc('to') | html %] [% acl.destination ? acl.destination : c.loc('any') | html %] [% c.loc('destination') | html %]
[% END -%]
|
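Review bot: On the changed ACL line the `| html` filter is attached to fixed labels such as `c.loc('from_email')` and `c.loc('to')`, while `c.loc('and')` and the `regex` label are left alone, so it is hard to see which directives carry stored data. Only the three ternaries on `acl.from_email`, `acl.received_from` and `acl.destination` render ACL values. Filtering just those would read more clearly, as would wrapping the whole line in `[% FILTER html -%] … [% END -%]` the way the fax-destination hunk does. A short comment such as `[%# acl.* fields hold stored values; labels are static translations %]` would document the intent.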
@@ -973,7 +982,7 @@ $( document ).ready(function() {
|
[% FOREACH set IN cf_sets -%]
- [% set.name %] |
+ [% set.name | html %] |
[% FOREACH d IN set.destinations -%]
[% c.loc('[_1]for [_2]s', d.as_string, d.timeout) %]
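Review bot: `d.as_string` and `d.timeout` on the last line of this hunk are still interpolated unescaped into `c.loc('[_1]for [_2]s', ...)`, while the period, source and B-number tables further down now filter their `as_string` output. The page markup is not visible here and the translated string may carry its own tags, so filtering the argument is safer than wrapping the whole call. That would be `[% escaped_dest = d.as_string | html -%]` followed by `c.loc('[_1]for [_2]s', escaped_dest, d.timeout)`. The inner FOREACH continues past the end of the hunk.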
@@ -1023,10 +1032,10 @@ $( document ).ready(function() {
|
[% FOREACH set IN cf_sets -%]
- [% set.name %] |
+ [% set.name | html %] |
[% FOREACH p IN set.periods -%]
- [% p.as_string %]
+ [% p.as_string | html %]
[% END -%]
|
@@ -1074,11 +1083,11 @@ $( document ).ready(function() {
|
[% FOREACH set IN cf_source_sets -%]
- [% set.name %] |
+ [% set.name | html %] |
[% set.mode %] |
[% FOREACH source IN set.sources -%]
- [% source.as_string %]
+ [% source.as_string | html %]
[% END -%]
|
@@ -1126,11 +1135,11 @@ $( document ).ready(function() {
|
[% FOREACH set IN cf_bnumber_sets -%]
- [% set.name %] |
+ [% set.name | html %] |
[% set.mode %] |
[% FOREACH number IN set.bnumbers -%]
- [% number.as_string %]
+ [% number.as_string | html %]
[% END -%]
|
| | | | |