gnats/76: gnatsweb needs to escape HTML <tag>s in display_query_results

[frank]

>Number:         76
>Category:       gnats
>Synopsis:       gnatsweb needs to escape HTML <tag>s in display_query_results
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue May 23 16:54:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     address@hidden
>Release:        gnatsweb-2.6
>Organization:
>Environment:

>Description:
The problem arises when someone puts a tag (<tag>) into the Synopsis of
a bug (which is something I need to do). Initially, it
would just not display the stuff in the <>s, but when I put 
<script> in there, the browser wouldn't display any of the
table (becasue there was no </script>.
>How-To-Repeat:
Sumbit a bug (like this one) with a <tag> in it.
>Fix:
the fix is to change the line (at about line 1784:

      print "<td nowrap>$fieldcontents";

to:
      print "<td nowrap>", escapeHTML($fieldcontents);

One interesting thing I had to do was add a charset("ISO-8859-1") call
to my gnatsweb-site.pl (otherwise the source turns into a bunch of HTML
entities). I'm not sure why this is so. It doesn't appear that the gnats
site has that problem. Perhaps it's Apache.
>Release-Note:
>Audit-Trail:
>Unformatted: