kpac : html escape title/author in record rows

author Bill Erickson <berick@esilibrary.com>

Mon, 16 Apr 2012 21:04:10 +0000 (17:04 -0400)

committer Mike Rylander <mrylander@gmail.com>

Mon, 30 Jul 2012 19:03:23 +0000 (15:03 -0400)
author Bill Erickson <berick@esilibrary.com>
Mon, 16 Apr 2012 21:04:10 +0000 (17:04 -0400)
committer Mike Rylander <mrylander@gmail.com>
Mon, 30 Jul 2012 19:03:23 +0000 (15:03 -0400)
diff --git a/Open-ILS/src/templates/kpac/parts/record_row.tt2 b/Open-ILS/src/templates/kpac/parts/record_row.tt2

index 274fce8..1f8f201 100644 (file)
--- a/Open-ILS/src/templates/kpac/parts/record_row.tt2
+++ b/Open-ILS/src/templates/kpac/parts/record_row.tt2
@@ -11,8 +11,8 @@
              src='[% mkurl(img_src, {}, 1) %]' /></a><br />
      </div>
      <div class="item_detail_info">
-        <div class="item_detail_name"><a href="[% mkurl(ctx.kpac_root _ '/record/' _ rec_id) %]">[% attrs.title %]</a></div>
-        <div class="item_detail_author">[% l('by [_1]', attrs.author) %]</div>
+        <div class="item_detail_name"><a href="[% mkurl(ctx.kpac_root _ '/record/' _ rec_id) %]">[% attrs.title | html %]</a></div>
+        <div class="item_detail_author">[% l('by [_1]', attrs.author) | html %]</div>
          <div class="item_detail_callnumber">[% attrs.holdings.0.label | html %]</div>
          <div class="item_detail_extra_info">
              [% l('[_1], [_2]', attrs.publisher, attrs.pubdate) | html %] <!-- TODO fix commas, etc. -->
author	Bill Erickson <berick@esilibrary.com>
	Mon, 16 Apr 2012 21:04:10 +0000 (17:04 -0400)
committer	Mike Rylander <mrylander@gmail.com>
	Mon, 30 Jul 2012 19:03:23 +0000 (15:03 -0400)