LP#1757526: escape more catalog data (MFHD edition)

This patch ensures that data derived from MFHDs is escaped
for in the issues held tab on the public catalog record display
page.

Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Signed-off-by: Chris Sharp <csharp@georgialibraries.org>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>

diff --git a/Open-ILS/src/templates/opac/parts/record/issues-mfhd.tt2 b/Open-ILS/src/templates/opac/parts/record/issues-mfhd.tt2
index ced0ec6..bd6bb97 100644 (file)
--- a/Open-ILS/src/templates/opac/parts/record/issues-mfhd.tt2
+++ b/Open-ILS/src/templates/opac/parts/record/issues-mfhd.tt2
@@ -20,7 +20,7 @@
                 NEXT UNLESS serial.$type.size;
                 IF !printed_mfhd_header; %]
                 <tr>
-                    <td class="rdetail-mfhd-head" colspan="2">[% l('Holdings summary ([_1])', serial.location) %]</td>
+                    <td class="rdetail-mfhd-head" colspan="2">[% l('Holdings summary ([_1])', serial.location) | html %]</td>
                 </tr>
                 [% printed_mfhd_header = 1;
                 END; %]
@@ -28,7 +28,7 @@
                     <td class="rdetail-mfhd-type">[% mfhd.$type %]</td>
                     <td class="rdetail-mfhd-contents">[%
                         FOR thing IN serial.$type;
-                            thing.join(", ");
+                            thing.join(", ") | html;
                         END %]</td>
                 </tr>
             [% END;