added html tags escaping

very-twi · very-twi · commit 1689ea34a25f · 2015-12-28T15:23:53.000+01:00
diff --git a/web/edit/file/index.php b/web/edit/file/index.php
@@ -74,7 +74,7 @@
 <input type="submit" name="save" value="Save" class="save" />
 
 
-<textarea name="contents" class="editor" id="editor" rows="4" style="display:none;width: 100%; height: 100%;"><?php echo $content ?></textarea>
+<textarea name="contents" class="editor" id="editor" rows="4" style="display:none;width: 100%; height: 100%;"><?=htmlentities($content)?></textarea>
 
 </form>
 
