From 9e3c1be4c67c05dc55dfc20d5e2aa223ea41fcf9 Mon Sep 17 00:00:00 2001
From: "reed%reedloden.com" <reed%reedloden.com>
Date: Tue, 24 Oct 2006 05:33:44 +0000
Subject: [PATCH] Bug 152688 - "doctor error message does not escape input"
 [p=reed r=mkanat]

---
 webtools/doctor/templates/code-error.tmpl | 2 +-
 webtools/doctor/templates/user-error.tmpl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/webtools/doctor/templates/code-error.tmpl b/webtools/doctor/templates/code-error.tmpl
index 870d2bd243ff..0a1e96478564 100644
--- a/webtools/doctor/templates/code-error.tmpl
+++ b/webtools/doctor/templates/code-error.tmpl
@@ -42,7 +42,7 @@
       at <a href="mailto:[% config.ADMIN_EMAIL %]">[% config.ADMIN_EMAIL %]</a>.
     </p>
     
-    <p>[% message %]</p>
+    <p>[% message FILTER html %]</p>
   </body>
 
 </html>
diff --git a/webtools/doctor/templates/user-error.tmpl b/webtools/doctor/templates/user-error.tmpl
index ac6791d272e8..04c4cb79bef2 100644
--- a/webtools/doctor/templates/user-error.tmpl
+++ b/webtools/doctor/templates/user-error.tmpl
@@ -38,7 +38,7 @@
       Doctor couldn't process your request because of the following problem:
     </p>
     
-    <p><big><b>[% message %]</b></big></p>
+    <p><big><b>[% message FILTER html %]</b></big></p>
     
       <p>
         The problem occurred when Doctor tried to execute the CVS command: