html formatter: encode href attributes
authorFabian Grünbichler <f.gruenbichler@proxmox.com>
Tue, 17 May 2022 12:48:27 +0000 (14:48 +0200)
committerThomas Lamprecht <t.lamprecht@proxmox.com>
Tue, 17 May 2022 14:39:47 +0000 (16:39 +0200)
these contain untrusted data, so treat them accordingly.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
src/PVE/APIServer/Formatter/HTML.pm

index 743d0ad8165a16612c04cf27c3e7d95efb2590f5..80617ca099bb51b6705b2a5ad32259ff06133c7e 100644 (file)
@@ -91,7 +91,7 @@ sub render_page {
        text => 'Home'}};
 
     foreach my $comp (@pcomp) {
-       $href .= "/$comp";
+       $href .= "/".encode_entities($comp);
        push @$items, { tag => 'li', cn => {
            tag => 'a',
            href => $href,
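Review bot: The new encode_entities() call in `$href .= "/".encode_entities($comp);` makes the component safe for the attribute context, but not for the URL context — a value containing `?`, `#` or `%` still changes where the link resolves, and a `/` inside `$value` in the second hunk would add a path level. The usual layering is to URL-escape the segment first and entity-encode the result, e.g. `$href .= "/".encode_entities(uri_escape_utf8($comp));` here and `href => "$path/".encode_entities(uri_escape_utf8($value)),` in the second hunk, with uri_escape_utf8 from URI::Escape imported if the file does not already do so. Whether `@pcomp` and `$value` are already restricted by earlier validation is not visible in either hunk, so this may be partly moot. Note also that `$path` in the second hunk is still interpolated unencoded, and its origin is outside the hunk. Both render_page and the register_formatter callback continue outside their hunks.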
@@ -214,7 +214,7 @@ PVE::APIServer::Formatter::register_formatter($portal_format, sub {
                    push @$items, {
                        tag => 'a',
                        class => 'list-group-item',
-                       href => "$path/$value",
+                       href => "$path/".encode_entities($value),
                        cn => [
                            {
                                tag => 'h4',