From 19925fe894ceadf9d5facfdae814c175528811c9 Mon Sep 17 00:00:00 2001
From: Galen Charlton <gmc@equinoxinitiative.org>
Date: Tue, 27 Mar 2018 16:30:35 -0400
Subject: [PATCH] LP#1757526: escape more catalog data (MFHD edition)

This patch ensures that data derived from MFHDs is escaped
in the issues held tab on the public catalog record display
page.

Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Signed-off-by: Chris Sharp <csharp@georgialibraries.org>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
---
 Open-ILS/src/templates/opac/parts/record/issues-mfhd.tt2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Open-ILS/src/templates/opac/parts/record/issues-mfhd.tt2 b/Open-ILS/src/templates/opac/parts/record/issues-mfhd.tt2
index ced0ec6834..bd6bb97cf2 100644
--- a/Open-ILS/src/templates/opac/parts/record/issues-mfhd.tt2
+++ b/Open-ILS/src/templates/opac/parts/record/issues-mfhd.tt2
@@ -20,7 +20,7 @@
                 NEXT UNLESS serial.$type.size;
                 IF !printed_mfhd_header; %]
                 <tr>
-                    <td class="rdetail-mfhd-head" colspan="2">[% l('Holdings summary ([_1])', serial.location) %]</td>
+                    <td class="rdetail-mfhd-head" colspan="2">[% l('Holdings summary ([_1])', serial.location) | html %]</td>
                 </tr>
                 [% printed_mfhd_header = 1;
                 END; %]
@@ -28,7 +28,7 @@
                     <td class="rdetail-mfhd-type">[% mfhd.$type %]</td>
                     <td class="rdetail-mfhd-contents">[%
                         FOR thing IN serial.$type;
-                            thing.join(", ");
+                            thing.join(", ") | html;
                         END %]</td>
                 </tr>
             [% END;
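Review bot: The label cell on the context line `<td class="rdetail-mfhd-type">[% mfhd.$type %]</td>` is still emitted without the `html` filter, while the contents cell beside it now has one. The definition of `mfhd` is outside this hunk; if it is a template-built map of localized labels the exposure is small, but it is worth confirming, and `[% mfhd.$type | html %]` would make the row consistent either way. The `html` filter is a suitable choice for both cells because the values land in element text, not in an attribute or script context. The enclosing loop starts and ends outside the hunk.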
-- 
2.11.0