Time-Tracker Demo: Escape html entities in output.

1 files changed, 8 insertions, 8 deletions

diff --git a/demos/time-tracker/protected/pages/TimeTracker/ReportProject.page b/demos/time-tracker/protected/pages/TimeTracker/ReportProject.page
index 38c8d86d..5f961da4 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/ReportProject.page
+++ b/demos/time-tracker/protected/pages/TimeTracker/ReportProject.page
@@ -22,9 +22,9 @@
 					<th>Est. Completion</th>

 				</tr>

 				<tr>

-					<td><%# $this->DataItem->ProjectName %></td>

-					<td><%# $this->DataItem->EstimateHours %></td>

-					<td><%# $this->DataItem->ActualHours %></td>

+					<td><%# h($this->DataItem->ProjectName) %></td>

+					<td><%# h($this->DataItem->EstimateHours) %></td>

+					<td><%# h($this->DataItem->ActualHours) %></td>

 					<td>

 						<com:System.I18N.TDateFormat 

 							Pattern="dd/MM/yyyy"

@@ -49,9 +49,9 @@
 					<th>Actual Hours</th>

 					</tr>

 					<tr>

-						<td><%# $this->DataItem->CategoryName %></td>

-						<td><%# $this->DataItem->EstimateHours %></td>

-						<td><%# $this->DataItem->ActualHours %></td>

+						<td><%# h($this->DataItem->CategoryName) %></td>

+						<td><%# h($this->DataItem->EstimateHours) %></td>

+						<td><%# h($this->DataItem->ActualHours) %></td>

 					</tr>

 					

 					

@@ -60,10 +60,10 @@
 					<!-- member -->				

 						<tr>

 							<td colspan="2">

-							<%# $this->DataItem['username'] %>

+							<%# h($this->DataItem['username']) %>

 						</td>

 						<td>

-							<%# $this->DataItem['hours'] %>

+							<%# h($this->DataItem['hours']) %>

 						</td>

 						</tr>

 					<!-- //member -->